On the 2025 to-do list: figure out AI agents
Recent years have seen waves of AI innovation breaking faster than we can figure out good practice. Organisations around the world are working hard, not only to find ways to put AI to work, but to do so safely and responsibly. The AI to-do list often seems to be growing longer faster than we can strike items off it - but the only route to good practice is practice.
The advent of AI agents promises to add more items to the to-do list. The AI agent wave started cresting in 2024, and will break in 2025. Several major technology vendors and platforms already offer their customers the ability to build, configure and operate AI agents in an enterprise context, and the ability for consumers to build agents or to subscribe to existing agents cannot be far behind (indeed, it is likely that, by the time this article is published, it will already be happening).
I believe that this means that enterprise technologists quickly need to work out the answers to some important questions, starting with the three below. If you already believe that you know the answers, please share thoughts or links in the comments.
What is an AI agent?
We can adopt a rough and broad definition of an AI agent as: a technology solution in which a user interacts with an AI model, and the model is empowered to trigger actions outside its own context. That is, rather than just returning a result, or giving a text response to a prompt, the solution can initiate actions in other systems.
However, I don’t think that this rough and broad definition does enough work. For example, for technologists, how should we treat an agent as a configuration item? Is an agent like a container, a piece of software running within a defined environment? Or is it a combination of a service and a set of data which is used to preserve context and conversation? If we want to keep a record of an agent’s behaviour, what do we keep? The model, the context, the conversation, the interaction, the training data, or all of the above?
Agents will proliferate, and we will need to work out how to manage them - to do that, we need to have a clear idea of what they are.
How do we authenticate AI agents and determine their authority?
Authentication is one of the persistent problems of digital services: we want our services to be helpful, but only to the right person. We don’t want to help people who are trying to scam or impersonate our users. But we also don’t want to put so many barriers in their way that services become useless.
We can expect the growth of AI agents to make this problem harder, at least for a while. As well as agents which organisations provide to their users, we can expect an industry of third party agents to arise. Organisations will need to determine, not just whether a user is who they say they are, but whether an agent which claims to be acting on behalf of a user can be trusted as a true representative. And even when we solve problems of identity, problems of authority will remain. Is the agent that you use to queue online for concert tickets also authorised to access your bank account? And, if so, to what value?
Agents are, by definition, intended to act - to ensure that action is safe, we need to know who they represent and what they are allowed to do.
How do we check the validity of an AI agent’s behaviour?
If you have ever written code for a front end system, you will know that a remarkable amount of it is made up of error handling, warnings and disclaimers. You can see an example of this the next time that you make a payment using your banking app. The app will only let you select the bank accounts that belong to you, will only let you enter an amount within your limits, and will ask you whether you have any reason to think that you might be the target of a scam. This interaction assumes that a human being is operating the interface, and understands what the messages mean.
The simplest way of dealing with an AI agent would be to apply the same techniques: to prevent the selection of invalid options, to present warnings and to check intent, relying on the agent’s data and language handling capabilities to make sense of them. Yet we cannot be sure that an AI agent will respond to these techniques in the same way as a human: if it is optimised to complete a transaction, for example, it may ignore warnings. And it is far from clear what the meaning of ‘intent’ is when interacting with an agent.
Humans get things wrong in unexpected ways, and agents will do so too - we need to know how to determine that their behaviour is valid.
Just like other forms of AI, agents offer potential and productivity. The prospect of having an AI agent which does some of our boring online admin work is compelling. But in order to get value from agents we have to give them power - and granting that power responsibly means addressing the questions above (and many more). Asking and answering such questions is an essential part of innovation - for this wave and the next.
(Views in this article are my own.)
Cloud and AI leader | Partner @EY | openAI | Azure | GCP | Redhat | AWS | Oracle | IBM | NVIDIA and others | Cloud & AI enabled Business & IT Transformation |
1 month ago: The definition of AI agents is evolving. They should have a finite context boundary and scope, as all humans do. We can't operate beyond our area of control or influence. I have experimented with both definite and extended scopes and contexts, but they cannot have infinite scope and context. Such an approach could lead to chaos!
Director of Product Management @ ORACLE | Open Banking, Payments
1 month ago: David Knott, very interesting and apt timing for this conversation. AI agents have immense potential to transform enterprise operations by automating repetitive tasks and enabling faster decision-making. I believe the best way to navigate this space is to pick up easy use cases to learn more and build trust. Consumer-facing AI agents could simplify life—imagine agents that book appointments, manage subscriptions, or negotiate bills. But convenience could quickly turn into risk if agents gain excessive access to personal data or act on ambiguous instructions. Establishing clear user consent mechanisms and scope restrictions will be crucial to balancing utility and safety.
Pegasystems CTO | Techie | Marketer. Lucky husband. Proud & exhausted father | Bike commuter | Recovering improviser, trying to live a Yes, And life | Honored to be Exec Sponsor, Pride@Pega.
1 month ago: David, this is on my 2025 TODOs as well. We've been playing with a definition of agents as software that uses LLMs to design, execute, and optimize workflows. Workflows are key here. We know how to use them to orchestrate human work against guardrails and best practices. We need to expand that thinking to ensure we are building an orchestration framework that can govern and manage the explosion of agents that every pundit seems to be predicting.
I have just stumbled across content posted by IBM. This will be my starting point, learning about AI agents, ethical practices, and then applying necessary guardrails to the LLM etc. Read here if this interests you: https://www.ibm.com/think/insights/ai-agent-ethics
IT Engineer | CISSP | CCSP | CEH (Master): research | learn | do | MENTOR
1 month ago: Well, we have to establish trust in their relevant capabilities first. After that we shall deal with authentication and authorization of these synthetic identities. Good luck, we will need it.