Concept · 2026-05-17
AI agents — what they are, the loop they run, and where they fail
An agent is an LLM that decides when to use tools, observes results, and chooses what to do next. The reasoning + action + observation loop became table-stakes in 2023-2024. This is the honest definition + production patterns + the failure modes nobody publishes.
Definition
An AI agent is an LLM-driven system that runs a loop: receives a goal, decides whether and which tools to call, executes the tools, observes results, and repeats until the goal is met (or it concludes it can't be).
Distinguished from a chat assistant by three things:
- Autonomy — the model decides when to invoke tools without explicit user instructions per step
- Tool use — the model has structured access to external systems (APIs, databases, code execution, search)
- Multi-step planning — the model breaks goals into sub-tasks across many turns
The canonical agent loop
Every agent framework — LangChain AgentExecutor, LangGraph, DSPy, OpenAI Assistants, Anthropic tool_use, Pydantic AI, AutoGPT, BabyAGI — implements variants of the same loop:
while not done:
    thought = model.reason(goal, history)         # what's next?
    if thought.is_final_answer:
        return thought.answer
    tool_call = thought.choose_tool()             # which tool + args?
    observation = execute_tool(tool_call)         # external system runs
    history.append((thought, tool_call, observation))
    done = check_done(goal, history)
A short history
- 2022-10: ReAct (Yao et al., Princeton + Google) — formalizes the reasoning-acting-observing interleaved pattern. Foundational paper for the entire agent generation.
- 2023-02: Toolformer (Schick et al., Meta AI) — first to demonstrate models can teach themselves to call tools.
- 2023-03: AutoGPT + BabyAGI — open-source autonomous agents go viral. Mostly demos, not production-ready, but seeded the public imagination.
- 2023-06: OpenAI function calling — first first-class tool-use API. Makes agent loops easy to build.
- 2023-09: LangChain AgentExecutor + OpenAI parallel tool calls — production-grade orchestration.
- 2023-11: OpenAI Assistants API — managed agent runtime with persistent threads.
- 2024-01: LangGraph (LangChain) — graph-based agent runtime with cyclic execution.
- 2024-10: Anthropic Computer Use — agents can drive a desktop (clicking, typing, scrolling).
- 2024-11: Anthropic Model Context Protocol (MCP) — cross-vendor tool exposure standard.
- 2025-01: OpenAI Operator, 2025-02: Anthropic Claude Code, 2025-05: OpenAI Codex cloud agent — production agents for browser, terminal, and code.
Common production patterns
Tool-using assistant
Simplest pattern: small tool catalog (search, calendar, database), agent decides which to call. OpenAI Assistants API + Anthropic SDK tool_use are the canonical shapes.
Multi-step research
Agent receives a research goal, decomposes into sub-questions, searches multiple sources, synthesizes findings, returns structured output. Perplexity-style use case.
Code-execution agent
Agent writes code, runs it, observes errors, fixes, re-runs. Claude Code, OpenAI Codex agent, Cursor, Devin, Replit Agent.
Browser-control agent
Agent drives a browser to fill forms, click buttons, extract data. OpenAI Operator, Anthropic Computer Use, Browserbase, Multi-on.
Multi-agent orchestration
Multiple specialized agents collaborate via a coordinator. AutoGen, CrewAI, MetaGPT.
Failure modes (the honest part)
Agents fail in predictable, expensive ways. The literature underreports these:
- Hallucinated tool calls and results. The agent emits a confident summary citing tools it never called, or cites the right tool but invents the result. Mitigation: signed verification (e.g., VERITAS-style verification layer).
- Infinite loops. Agent calls tools repeatedly without making progress. Mitigation: hard max-steps limit + budget tracking + sanity check on each new tool call vs prior calls.
- Wrong tool selection. Agent picks the wrong tool from a too-large catalog. Mitigation: keep catalog ≤10 tools per agent OR use hierarchical agent routing.
- Cost runaway. Multi-step agents can rack up $X per query when a chat assistant would cost $0.01. Mitigation: per-step token budget + cost ceiling alert.
- Tool argument hallucination. Model fabricates JSON arguments. Mitigation: typed schemas (Pydantic, Instructor) + runtime validation + retry on validation failure.
- Stale context. Agent loses earlier observations because the context window overflows. Mitigation: summarization / scratchpad / external memory.
- Prompt injection from tool outputs. A tool returns malicious text (a fetched page, a document, an API response) that the model reads as instructions and follows. Mitigation: sandbox what the agent can do with a result, and keep a hard boundary in the prompt between observations (untrusted data) and the instruction/reasoning section.
- Misaligned sub-tasks. Agent decomposes the goal incorrectly, optimizes wrong sub-objective. Mitigation: explicit task verification + human checkpoint for high-stakes decisions.
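The canonical loop above, with the mitigations from the failure-mode list wired in (hard max-steps cap, repeated-call detection, typed argument validation with the error fed back, and tool output tagged as untrusted data), as an added Python example that is not code from this page or from any framework named on it; the tool catalog, the scripted model and the fake tool are constructed stand-ins for a real model and real tools:

```python
import json
from dataclasses import dataclass, field
# Constructed tool catalog for this example: tool name -> required argument types.
TOOLS = {"search": {"query": str}, "calc": {"expr": str}}

@dataclass
class AgentResult:
    answer: "str | None"
    steps: int
    stop_reason: str                # final_answer | max_steps | repeated_call | bad_args
    history: list = field(default_factory=list)

def validate_args(tool, args):
    """Typed-argument check (hand-rolled stand-in for a Pydantic schema): error string or None."""
    schema = TOOLS.get(tool)
    if schema is None:
        return f"unknown tool {tool!r}; available: {sorted(TOOLS)}"
    if not isinstance(args, dict) or set(args) != set(schema):
        return f"{tool}: expected keys {sorted(schema)}, got {args!r}"
    bad = [k for k, t in schema.items() if not isinstance(args[k], t)]
    return f"{tool}: wrong type for {bad}" if bad else None

def run_agent(goal, model, execute_tool, max_steps=8, max_bad_args=2):
    """The page's loop with guardrails: step cap, loop detection, validated args, tagged output."""
    history, seen, bad_args = [], set(), 0
    for step in range(1, max_steps + 1):
        thought = model(goal, history)              # model returns an answer or a tool call
        if "answer" in thought:
            return AgentResult(thought["answer"], step, "final_answer", history)
        call = thought["tool_call"]
        err = validate_args(call.get("tool"), call.get("args", {}))
        if err:                                     # argument hallucination: feed the error back
            bad_args += 1
            if bad_args > max_bad_args:             # too many consecutive bad calls: give up
                return AgentResult(None, step, "bad_args", history)
            history.append((thought, call, {"role": "error", "content": err}))
            continue
        fingerprint = json.dumps(call, sort_keys=True)
        if fingerprint in seen:                     # identical call again: no progress, stop
            return AgentResult(None, step, "repeated_call", history)
        seen.add(fingerprint)
        bad_args = 0
        result = execute_tool(call["tool"], call["args"])
        # Tool output is data, not instructions: tag it so a prompt builder keeps it out of the
        # instruction section instead of splicing it into the reasoning.
        history.append((thought, call, {"role": "tool", "trusted": False, "content": result}))
    return AgentResult(None, max_steps, "max_steps", history)

def scripted_model(turns):
    """Constructed stand-in for an LLM: replays fixed thoughts, then repeats the last one."""
    return lambda goal, history: turns[min(len(history), len(turns) - 1)]
```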
When NOT to use an agent
The 2023-2024 demo cycle oversold agents. A single LLM call with no tool use is often better when:
- Goal is well-defined + single-turn (summarize this; classify this; extract structured data)
- Tool catalog is empty or one tool deep (just do RAG; no agent needed)
- Latency budget is <500ms (agent loops add 2-10s minimum)
- Cost budget is tight (an agent costs 5-50× a single chat call)
- Failure is unrecoverable (an agent doing something wrong autonomously is worse than a chatbot saying something wrong)
Picking a framework
We ship 8 integration guides. Quick pick:
- OpenAI tools — single-vendor (GPT), simplest agent loop
- Anthropic SDK — single-vendor (Claude), simplest tool_use
- LangChain + LangGraph — breadth, multi-step, cyclic execution
- LlamaIndex — RAG-first agents
- DSPy — programs-not-prompts, optimizer-driven
- Pydantic AI — type-safe, vendor-portable
- Instructor — structured outputs as the agent surface
- Vercel AI SDK — Next.js streaming + tool calls
Agents + grounding
Agents amplify both correct outputs AND hallucinations. A chatbot that hallucinates once shows the user once; an agent that hallucinates in step 3 of 12 builds the next 9 steps on top of the lie. Grounding matters more for agents than for chatbots.
See AI agent grounding use case for the verify_claim tool pattern that pairs every agent loop with fact verification.
Related
- Function calling — the primitive agents are built on
- LLM grounding — why agents need verification
- RAG vs VERITAS — retrieval + verification stack
- Agent frameworks topic hub — every framework in one place
- Prompt engineering topic hub — ReAct, ToT, CoT patterns
- AI agent grounding — verify_claim tool pattern