AI Agents
Autonomous AI systems that perceive their environment, reason over goals, select and execute actions using external tools, and operate across multi-step tasks with minimal human intervention.
AI agents are software systems that use artificial intelligence — most commonly a large language model (LLM) — as a cognitive controller to perceive inputs, reason about goals, plan action sequences, and execute actions through external tools or APIs, iterating over multiple steps to complete complex tasks without requiring a human to approve each individual action. Unlike a conversational AI system that produces a single response and waits, an agent takes initiative: it queries databases, writes and executes code, navigates web pages, calls APIs, sends messages, and revises its approach based on the results it receives. The period from 2025 onward has been widely described in the AI industry as "the era of AI agents," reflecting the rapid maturation of the architectures and infrastructure needed to deploy agents reliably.[^1]
Architecture
An AI agent built on an LLM typically has four functional components.
Perception is the agent's ability to receive and interpret diverse inputs — text, structured data, images, audio, code, and the outputs of tool calls. Modern multimodal LLMs can process all of these natively, allowing agents to work with heterogeneous information sources without preprocessing pipelines.
Reasoning and planning is handled by the LLM itself. Given a goal and the current state of the world (including conversation history and tool outputs), the LLM generates a plan: which tools to invoke, in which order, and how to handle intermediate results. Chain-of-thought reasoning, where the model explicitly articulates intermediate steps before acting, is a common prompt design pattern that improves plan quality for complex tasks.
Memory allows an agent to retain information beyond a single context window. Short-term memory is held in the active context window. Long-term memory is implemented by writing facts, summaries, or retrieved documents to an external store (a database or vector database) and retrieving them when relevant. Memory management — deciding what to store, when to retrieve, and how to compress long histories — is an active research problem.
Tool use (also called function calling) is the mechanism by which an agent affects the world beyond text generation. The LLM selects a tool from a predefined set (a web search API, a code interpreter, a file system, a calendar, a CRM system), generates a call with appropriate arguments, receives the tool's output, and incorporates it into its reasoning. Tool results are returned to the LLM as new context, continuing the reasoning loop.
Agentic Design Patterns
Several recurring design patterns organise agent behaviour:
ReAct (Reason + Act) interleaves reasoning steps ("Thought") with tool invocations ("Action") and their results ("Observation"), allowing the agent to adjust its approach based on tool feedback before each next step.[^2]
Plan-and-Execute separates planning from execution. A planning module generates a complete multi-step plan before any tools are invoked; an execution module carries out the steps, potentially feeding results back to the planner for re-planning if steps fail.
Reflection and self-critique patterns have the agent evaluate its own outputs against the original goal or a set of criteria, producing a critique that guides revision. This reduces errors and improves output quality for tasks with clear correctness criteria.
Multi-agent systems decompose complex tasks across multiple specialised agents — a researcher, a writer, a fact-checker — that communicate and coordinate through a shared message bus or orchestrator. Frameworks such as Microsoft AutoGen and CrewAI implement multi-agent orchestration patterns.
Tool Ecosystems
The Model Context Protocol (MCP), introduced by Anthropic in 2024 and adopted broadly in 2025, defines a standardised interface for connecting LLM-based agents to external tools and data sources. MCP enables tool developers to publish connectors that any compatible agent can use, reducing the integration burden for both agent builders and tool providers. By mid-2025, thousands of MCP servers had been published for services including databases, developer tools, communication platforms, and enterprise software.
Safety and Reliability
Autonomous agents introduce safety risks distinct from those of conversational AI. An agent that can execute code, send emails, or modify files can cause irreversible real-world harm if it misinterprets instructions or encounters edge cases not anticipated in its design.
Key mitigation strategies include least-privilege permissioning (granting an agent only the permissions needed for a specific task), confirmation checkpoints at which the agent pauses for human approval before high-stakes actions, sandboxed execution environments for agent-generated code, and output auditing. The concept of a "human in the loop" — a checkpoint at which a human reviews the agent's proposed action before it executes — is a standard design consideration for production deployments.
Reliability challenges include context length limitations that prevent agents from maintaining full task history over long workflows, error propagation (where early mistakes compound into larger failures), and the tendency of LLMs to hallucinate tool names or arguments that do not match the actual tool specification.[^3]
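As an added illustration (not code from the original article or from any particular agent framework), the following Python sketch combines the tool-use loop from the Architecture section with the mitigations just described: a per-task permission allowlist, a human checkpoint for high-stakes tools, an audit log, and validation that rejects hallucinated tool names or mismatched arguments before anything executes. The tool names, schemas, and scripted model outputs are constructed for the example.

```python
# Constructed tool specification (not from any real framework); "high_stakes" marks
# actions that require a human checkpoint before execution.
TOOL_SPECS = {
    "search_docs": {"params": {"query": str}, "high_stakes": False},
    "send_email": {"params": {"to": str, "body": str}, "high_stakes": True},
    "delete_file": {"params": {"path": str}, "high_stakes": True},
}

def validate_call(call, task_permissions):
    """Reject unknown tools, tools not granted to this task, and mismatched args."""
    name, args = call.get("tool"), call.get("args", {})
    if name not in TOOL_SPECS:
        return False, f"unknown tool {name!r} (hallucinated tool name?)"
    if name not in task_permissions:  # least privilege: per-task allowlist
        return False, f"tool {name!r} not granted for this task"
    expected = TOOL_SPECS[name]["params"]
    if set(args) != set(expected):
        return False, f"argument names {sorted(args)} do not match {sorted(expected)}"
    for key, typ in expected.items():
        if not isinstance(args[key], typ):
            return False, f"argument {key!r} should be {typ.__name__}"
    return True, "ok"

def run_agent(proposed_calls, task_permissions, approve, execute):
    """Tool loop: validate each proposed call, pause high-stakes calls for a human,
    and record every decision in an audit log that is returned to the caller."""
    audit = []
    for call in proposed_calls:
        ok, reason = validate_call(call, task_permissions)
        if not ok:
            audit.append(("rejected", call.get("tool"), reason))
            continue  # the reason goes back to the model as context; nothing runs
        if TOOL_SPECS[call["tool"]]["high_stakes"] and not approve(call):
            audit.append(("withheld", call["tool"], "human declined"))
            continue
        audit.append(("executed", call["tool"], execute(call)))
    return audit

# Constructed model output for a task granted only search and email.
SCRIPTED_CALLS = [
    {"tool": "search_docs", "args": {"query": "refund policy"}},
    {"tool": "lookup_customer", "args": {"id": 42}},  # hallucinated tool name
    {"tool": "send_email", "args": {"recipient": "a@example.com"}},  # wrong arg names
    {"tool": "send_email", "args": {"to": "a@example.com", "body": "Hi"}},  # checkpoint
    {"tool": "delete_file", "args": {"path": "/tmp/x"}},  # not granted for this task
]

def demo(approved=False):  # `approved` stands in for the human's checkpoint decision
    return run_agent(SCRIPTED_CALLS, {"search_docs", "send_email"},
                     approve=lambda call: approved, execute=lambda call: "ran " + call["tool"])
```

Running `demo()` yields one executed search, two rejections (unknown tool, wrong argument names), one withheld email awaiting approval, and one rejection for a tool outside the task's grant; only the validated, approved calls ever reach `execute`.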
References
- MIT Sloan Management Review. (2025). Agentic AI, explained. MIT Sloan School of Management. https://mitsloan.mit.edu/ideas-made-to-matter/agentic-ai-explained
- Yao, S., Zhao, J., Yu, D., Du, N., Shafran, I., Narasimhan, K., & Cao, Y. (2023). ReAct: Synergizing Reasoning and Acting in Language Models. ICLR 2023.
- AWS. (2025). Evaluating AI agents: Real-world lessons from building agentic systems at Amazon. AWS Machine Learning Blog. https://aws.amazon.com/blogs/machine-learning/evaluating-ai-agents-real-world-lessons/
- Anthropic. (2025). Claude Agent SDK: Building autonomous AI workflows. Anthropic Documentation.
- BNM. (2024). Risk Management in Technology (RMIT) Policy Document. Bank Negara Malaysia.