Agents demo beautifully and fail quietly. In a controlled demo, the happy path runs clean and the room is impressed. In production — with messy inputs, real permissions and thousands of runs a day — the same agent drifts off course, loops, or quietly does the wrong thing without anyone noticing. Gartner expects over 40% of agentic AI projects to be cancelled by the end of 2027 — citing escalating costs, unclear value and weak risk controls. The failures are remarkably predictable, which is the good news: predictable problems have known countermeasures.
Why this matters
An agent isn't just a chatbot with a longer prompt. It plans, calls tools, reads results and decides what to do next — often across many steps, with little human supervision in between. That autonomy is exactly what makes agents valuable and exactly what makes them dangerous. A traditional script does the same thing every time; an agent improvises. When it improvises well, you get leverage. When it improvises badly, you get an incident that's hard to reproduce and harder to explain.
The failure modes
- Compounding error. An agent chains steps; a 90%-reliable step run five times is only ~59% reliable end to end. Reliability multiplies, it doesn't average, so long chains decay fast.
- Unbounded cost and loops. Without limits, an agent can spiral — retrying, re-planning, re-reading the same document, burning tokens and money on a task it will never finish.
- No guardrails. Letting output act directly (run code, send mail, move money, delete records) turns a hallucination into an incident with real-world consequences.
- No evaluation. You can't improve what you can't measure, and agent trajectories — multi-step, branching, non-deterministic — are genuinely hard to score.
An agent doesn't make an unreliable workflow reliable. It makes it autonomous — which is worse.
A concrete example
Imagine an agent that triages support tickets: read the message, look up the account, draft a reply, and issue a refund if policy allows. Each individual step is around 95% reliable. Strung together unsupervised, the end-to-end success rate drops below 80% — and the failures aren't harmless. A misread account number plus an unguarded refund tool means money leaves the building because of a confident guess. The fix isn't a smarter model; it's removing the agent's ability to act irreversibly without a check.
What the survivors do
- 1.Start with one narrow, valuable task, not a general-purpose agent. Scope is the single biggest predictor of success.
- 2.Constrain tools and permissions to the minimum the task needs — no standing access to anything destructive.
- 3.Keep a human approving anything irreversible: payments, deletions, external communications.
- 4.Instrument every step — inputs, outputs, cost, latency, success — so you can see drift before users do.
- 5.Cap the loop. Hard limits on steps, retries and spend turn a runaway into a clean, logged failure.
What this means for your team
Treat the agent as an unreliable junior employee, not a finished feature. Give it a tight job description, limited system access, and a manager who signs off on the consequential moves. Build the evaluation harness before you scale — see our note on building an eval harness for LLM features — and resist the urge to widen scope until the narrow version is boringly reliable. The teams that ship agents successfully are almost never the ones that aimed highest; they're the ones that aimed small and instrumented everything. If you're weighing where an agent genuinely earns its keep, we're happy to talk it through.