February 26, 2026
Parallax

Agentic AI should never be “hands off”


Agentic AI was arguably 2025’s biggest tech buzzword, yet a clear gap remains between hype and adoption. Deloitte’s latest Tech Trends report shows that only 11% of organisations are currently using AI agents, but momentum is building, with 30% actively exploring agentic approaches.

That direction of travel is reinforced by recent industry moves. In December, OpenAI, Anthropic and Block co-founded the Agentic AI Foundation, an open-source initiative promoting shared standards for agentic systems. It’s a strong signal that the industry is shifting away from a purely chatbot-centric mindset towards AI that can operate more proactively and autonomously, within clearly defined boundaries.

For consumers, the promise of agentic AI is familiar: assistants that understand your preferences, book travel, buy your shopping and remove friction from everyday life. For businesses, the opportunity is even greater. Agentic AI can take ownership of both back-end and customer-facing tasks, freeing teams to focus on higher-value work.

Where we’re already deploying agentic AI for clients, the impact is tangible. In one case, we cut errors in customer liability group assignment by 6% compared to human teams. That may sound modest, but this was across thousands of records, and it was completed in 10 minutes versus more than a month of human review. 

And because the cost per record can be measured, you can make a clear ROI decision about how far to scale - potentially into the billions of records where the commercial case supports it.

But there is still much to navigate with agentic AI, and some clear rules that organisations should treat as non-negotiable.

Power dynamics

The biggest rule of all is simple: never give an agent more access or authority than it genuinely needs. In several projects, we’ve deliberately avoided building a single, all-powerful agent. Instead, we design small teams of narrowly focused agents, each with a clearly defined remit. A HubSpot-specific agent, for example, might be able to read and update HubSpot data, and nothing else. 

This kind of compartmentalisation reduces risk by limiting the impact of mistakes or unexpected behaviour - and it also helps manage context. As agent responsibilities expand, so does the amount of working memory the model must reason with at once. Keeping a narrower scope reduces cognitive overload, improves reliability and avoids the long-context degradation that can emerge in more general-purpose agents.

Equally important is who controls the infrastructure the agent connects to. In most of our work, we host the server environment ourselves and explicitly define every endpoint, tool and task an agent is allowed to use. That gives us full visibility and authority over its capabilities.

By contrast, relying on a third-party MCP server means placing trust in someone else’s permissions model and security decisions. A locally run third-party server may have far more visibility into your system than expected and, depending on how it’s built, could transmit data elsewhere without you realising. That makes it a non-starter when working with enterprise customers, whose security, compliance and risk teams typically require full control.

This matters even more as AI tooling makes it easier for non-technical or semi-technical users to “vibe code” and experiment with agents. While that accessibility is powerful, it also introduces risk. Inadvertently exposing sensitive data is easy without the right guardrails, which is why access to technical expertise remains essential.

Visibility

Visibility into what agents are actually doing is critical. It’s entirely possible to run a collection of agents and only see the final output, which quickly turns the system into a black box. Without robust telemetry that records which tools an agent used, what steps it took and the decisions it made, it becomes harder to build trust, debug issues or meet governance requirements.
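The narrow remit described under “Power dynamics” and the telemetry described here can be enforced at one choke point: the function that dispatches tool calls. The sketch below is an added example, not Parallax’s code; the agent name, tool names, ticket ids and stub tools are all hypothetical.

```python
import time

# Hypothetical remits: each agent may call only the tools listed for it.
AGENT_TOOLS = {
    "hubspot_agent": {"hubspot.read_contact", "hubspot.update_contact"},
}

# Stub tools standing in for real integrations (constructed for this example).
TOOLS = {
    "hubspot.read_contact": lambda a: {"id": a["id"], "email": "a@example.test"},
    "hubspot.update_contact": lambda a: {"id": a["id"], "updated": True},
    "files.read": lambda a: {"content": "..."},
}

AUDIT_LOG = []  # assumption: a real system writes to an append-only store


def call_tool(agent, tool, args, ticket):
    """Run a tool only if it is inside the agent's remit; audit allow and deny alike."""
    allowed = tool in AGENT_TOOLS.get(agent, set()) and tool in TOOLS
    AUDIT_LOG.append({
        "ts": time.time(),
        "ticket": ticket,
        "agent": agent,
        "tool": tool,
        "arg_keys": sorted(args),  # argument names only, so record values stay out of logs
        "decision": "allow" if allowed else "deny",
    })
    if not allowed:  # deny by default: unknown agents and unlisted tools both fail
        raise PermissionError(f"{agent} is not permitted to call {tool}")
    return TOOLS[tool](args)


def demo():
    """One in-remit call and one out-of-remit call; returns the audit trail."""
    AUDIT_LOG.clear()
    call_tool("hubspot_agent", "hubspot.update_contact", {"id": 42, "phone": "x"}, "T-1")
    try:
        call_tool("hubspot_agent", "files.read", {"path": "notes.txt"}, "T-1")
    except PermissionError:
        pass
    return [(r["tool"], r["decision"], r["arg_keys"]) for r in AUDIT_LOG]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Denied calls are logged as well as allowed ones, because an agent repeatedly reaching outside its remit is itself a signal worth reviewing.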

To address this, we recently built an agentic AI platform with an intelligent workflow layer that restores transparency. Work is broken into tickets, assigned to specific agents, and tracked across boards - from “to do”, to “in progress”, to “completed”. Agents check off tasks, review each other’s outputs, and move work forward in a way that mirrors how human teams operate.

In many cases, we also use LLMs as judges. The output of one agent is passed to another model whose sole role is to assess whether the task was completed correctly in that specific context. This layered approach gives clients far greater confidence in both the process and the results.

Human in the loop

Another golden rule of agentic AI is to always design with humans in the loop. A simple but effective pattern is a confirmation feedback loop, where agents stop short of acting automatically and require explicit human approval.

For example, an AI agent that buys your weekly food shopping based on planned meals sounds convenient, until it decides to buy an industrial quantity of spaghetti. A better approach is for the agent to propose a basket of items and allow you to approve or reject it.

Crucially, that final decision should be explicit. Rather than relying on a chat-based interaction that could be misinterpreted, approval should be built into the user experience - for example, clicking a clear “yes, buy these items” button. This pattern is increasingly emerging as a new standard for agentic systems.
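An explicit approval is only as strong as its link to what the user actually saw. The added example below (not from the original article; the function names, key handling and sample basket are assumptions) goes one step beyond the text by binding the button click to the exact basket and making it single-use, so a basket altered after approval is refused.

```python
import hashlib
import hmac
import json
import secrets

SERVER_KEY = secrets.token_bytes(32)  # held by the approval service, never by the agent
USED = set()                          # proposal ids that have already been executed


def _tag(proposal):
    """MAC over the proposal id and a canonical encoding of the basket."""
    body = json.dumps(proposal["basket"], sort_keys=True, separators=(",", ":"))
    msg = proposal["id"].encode() + b"|" + body.encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def propose(basket):
    """Agent side: register a basket; the UI renders it beside the approve button."""
    return {"id": secrets.token_hex(8), "basket": basket}


def approve(proposal):
    """Called only by the button handler: sign exactly what the user was shown."""
    return _tag(proposal)


def execute(proposal, approval):
    """Place the order only if this exact basket was approved, and only once."""
    if not hmac.compare_digest(_tag(proposal), approval or ""):
        return "rejected: basket differs from what was approved"
    if proposal["id"] in USED:
        return "rejected: approval already used"
    USED.add(proposal["id"])
    return "ordered"


def demo():
    p = propose({"spaghetti_500g": 2, "tomatoes_400g": 4})  # constructed sample basket
    token = approve(p)                                      # the user clicked the button
    changed = {"id": p["id"], "basket": {**p["basket"], "spaghetti_500g": 200}}
    return [execute(changed, token), execute(p, token), execute(p, token)]


if __name__ == "__main__":
    print(demo())
```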

This example is a fairly low-stakes personal application, but it’s clear why businesses need to minimise unchecked autonomy. The widely reported Air Canada case earlier this year, in which the airline was held liable after its chatbot gave a customer inaccurate information, has served as a cautionary tale that organisations remain accountable for what their AI systems do.

Agentic AI is powerful, and is increasingly being bought into as a plug-and-play option. But while it’s fairly easy to get something working, it’s much harder to make it safe, reliable and governable. Done well, agentic AI can transform how organisations operate. Done poorly, it can introduce hidden risks just as quickly as it removes old ones. That’s why thoughtful design, clear boundaries and the right expertise remain as important as the technology itself.