Building AI Agents: Patterns That Actually Work

AI agents — systems where a language model takes sequences of actions, observes the results, and decides what to do next — have moved from a research curiosity to a production pattern in 2024–2025. Most early agent frameworks overpromised and underdelivered. Here is what actually works and how to build reliable agent systems.

What Makes a System an Agent

A language model by itself is not an agent — it is a function that takes text and returns text. What makes a system agentic: tool use (the model can take actions: run code, search the web, read files, call APIs, write files); multi-turn operation (the model continues operating based on the results of previous actions, not just one prompt-response cycle); persistence (state is maintained across actions — the model knows what it has already done); goal-directedness (the system is working towards a defined objective rather than answering one question).

The minimal agent loop: the model observes the current state → chooses an action → executes the action → observes the result → decides whether to continue or stop. This is the ReAct pattern (Reasoning + Acting) — the most reliable foundation for agent systems.

What agents are currently good at: tasks where there is a clear signal of success or failure (code executes or doesn’t; tests pass or fail; search returns results; file is written); tasks with well-defined intermediate steps that the model can verify; tasks where a human could complete the same task by following a defined process.

What agents currently struggle with: open-ended creative tasks with no clear stopping criterion; tasks requiring an understanding of physical-world context; tasks where the model’s hallucination rate compounds across many steps.

Practical Patterns

Tool design is the most important architectural decision: the tools available to the agent determine what it can do and how reliably it does it. Effective tool design: each tool does one thing clearly; tool descriptions are precise and include example inputs and outputs; tools return structured output the model can parse; tools handle errors gracefully and return error information rather than throwing.

The verification pattern: after each significant action, have the agent verify the result explicitly. Running code → checking the output. Writing a file → reading it back. Making an API call → confirming the response. This explicit verification loop dramatically reduces errors that compound across many steps.

The minimal context principle: an agent’s context window is finite. Agents that try to maintain all information in context quickly run out of space. Design agents to summarise and store relevant information externally (files, databases, memory systems) rather than accumulating it all in the context.

Checkpointing: for long-running tasks, design the agent to save its state at logical stopping points so that if it fails, it can resume rather than restart.

Parallel subtasks: when a task decomposes into independent subtasks, run them in parallel. This requires an orchestration layer but dramatically reduces total time.

Multi-agent systems: using multiple specialised agents rather than one general agent has proven more reliable for complex tasks. A planner agent decomposes the task; specialist agents (coder, searcher, verifier) execute components; a critic agent reviews the outputs. This mirrors how organisations work and leverages the model’s ability to maintain a focused context.

Reliability and Safety

The reliability problem: an agent that is 90% reliable at each of 10 steps has a (0.9)^10 ≈ 35% success rate for the complete task. Reliability at the individual step level must be very high for multi-step tasks to succeed reliably. Practical implication: keep agent tasks as short as possible; decompose long tasks; verify frequently.

Human-in-the-loop: for consequential actions (sending emails, committing to external APIs, spending money), build in a confirmation step where the agent presents the planned action and waits for approval. This dramatically reduces the cost of agent errors.

Sandboxing: agents that can execute code, access the filesystem, or make network requests must be sandboxed to prevent unintended side effects. The blast radius of an agent error should be contained.

Logging and observability: agents doing many steps over extended periods must have comprehensive logging. When an agent fails 37 steps in, you need to be able to reconstruct exactly what it did. The key metrics: steps completed per task, error rate per step, recovery rate after errors, task completion rate.

The current state: as of 2025, simple single-step tool-use agents are reliable in production; multi-step autonomous agents over long horizons require careful design and still have meaningful failure rates for complex tasks. The technology is improving rapidly.
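
An added example, not part of the original article: a tool dispatcher that combines an allowlist of tools, structured error return instead of throwing, human confirmation for consequential actions, and a per-step audit log. The tool names, the SCRIPT list standing in for model output, and the approve callback are assumptions made for illustration.

```python
"""Gated tool dispatcher for an agent loop (illustrative; all names are assumptions)."""
import json
import time

AUDIT_LOG = []  # in production: an append-only store outside the agent's reach

def search_notes(query):
    notes = {"q3": "Q3 revenue summary drafted"}  # constructed sample data
    return {"hits": [v for k, v in notes.items() if query in k]}

def send_email(to, body):
    return {"sent_to": to, "chars": len(body)}  # stub: performs no network access

# Allowlist: tool name -> (callable, is the action consequential?)
TOOLS = {"search_notes": (search_notes, False), "send_email": (send_email, True)}

def dispatch(call, approve):
    """Run one model-proposed tool call; always return structured output."""
    name, args = call.get("tool"), call.get("args", {})
    if name not in TOOLS:
        result = {"ok": False, "error": f"unknown tool: {name}"}
    else:
        func, consequential = TOOLS[name]
        if consequential and not approve(name, args):
            result = {"ok": False, "error": "denied by human reviewer"}
        else:
            try:
                result = {"ok": True, "data": func(**args)}
            except Exception as exc:  # hand the error back to the model
                result = {"ok": False, "error": f"{type(exc).__name__}: {exc}"}
    # Log every step, including refusals, so a failed run can be reconstructed.
    AUDIT_LOG.append({"ts": time.time(), "call": call, "result": result})
    return result

def run_agent(proposed_calls, approve, max_steps=10):
    """Replay a scripted list of calls standing in for model output."""
    return [dispatch(c, approve) for c in proposed_calls[:max_steps]]

# Constructed transcript of model-proposed actions
SCRIPT = [
    {"tool": "search_notes", "args": {"query": "q3"}},
    {"tool": "send_email", "args": {"to": "cfo@example.com", "body": "Q3 draft"}},
    {"tool": "delete_repo", "args": {}},            # not on the allowlist
    {"tool": "search_notes", "args": {"wrong": 1}},  # malformed arguments
]

if __name__ == "__main__":
    for r in run_agent(SCRIPT, lambda name, args: False):
        print(json.dumps(r))
```

The approve callback is where a real deployment would present the planned action to a person and block until they answer; here it is a plain function so the script runs unattended.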
