AI Agents & Agentic Systems

A system that uses an AI model as its reasoning core to take sequential actions toward a goal — plan, act, observe, repeat — without human intervention at each step.

"Our support agent doesn't just answer questions — it looks up the customer's account, checks billing history, and can issue refunds autonomously if the policy allows it."

The repeating cycle driving an agent: think → act → observe → repeat. Each iteration of the loop is called an agent step. The loop continues until the goal is reached, a stopping condition is met, or a safety check triggers a halt.

"The agent took 12 steps to complete the task — each step it called a tool, got a result, and updated its plan."

A prompting strategy where the agent alternates between Reasoning (writing out its chain-of-thought) and Acting (calling a tool or producing output). The reasoning step is called the scratchpad.

"Our agent uses the ReAct pattern — every tool call is preceded by a Thought step so we can debug why it chose that action."

The mechanism by which an agent invokes external capabilities: searching the web, querying a database, calling an API, executing code. The agent outputs a structured request (tool name + arguments), and the result is returned as an observation.

"The agent called the get_weather tool with {"city": "Kyiv"} — the tool returned the forecast and the agent incorporated it into its response."

The collection of tools available to an agent, each described with a name, description, and input schema. The agent reads these descriptions to know what it can do. Good descriptions are critical — vague descriptions lead to tool misuse.

"We added a new send_email tool to the registry — now the agent can send notifications without human intervention."

The complete sequence of steps an agent takes to complete a task — the full history of thoughts, actions, and observations across the entire run. Used for debugging, evaluation, and fine-tuning.

"We analysed 100 failed task trajectories and found the agent was getting stuck in a loop when the search tool returned no results."

The top-level agent in a multi-agent system that breaks a complex task into subtasks and delegates them to specialised sub-agents.

"The orchestrator agent receives the ticket, classifies its intent, then delegates to a knowledge retrieval agent, a policy checker, and a response composer."

A specialised agent that handles a specific type of subtask, called by the orchestrator. Sub-agents may have their own tools, prompts, and context.

"We have four sub-agents: coding, testing, documentation, and deployment — the orchestrator delegates tasks to each based on the step."

The transfer of control from one agent to another — passing context, intermediate results, and the remaining goal description.

"After the research agent completes its phase, it hands off to the writing agent with a summary of findings and the target audience parameters."

Agent memory held in the LLM context window — fast and immediately accessible but limited by context length and lost at session end.

"For a single-session task, in-context memory is sufficient — the agent holds all its observations in the conversation thread."

A database outside the LLM context that the agent reads from and writes to — enabling cross-session persistence beyond context window limits. Types: episodic (past interaction summaries), semantic (domain facts), procedural (successful action patterns).

"The agent writes a summary of every customer interaction to its episodic memory store — so next session, it knows the customer's history without re-reading everything."

Safety mechanisms that constrain agent behaviour. Input guardrails check incoming requests; output guardrails check the agent's actions before execution.

"Our input guardrail blocks requests asking the agent to execute system commands. Our output guardrail scans every code snippet for dangerous patterns."

A pause in the agent's execution where it asks a human to confirm before proceeding — used for high-stakes or irreversible actions.

"The agent pauses and asks for approval before sending any email — irreversible actions always require human confirmation."

An attack where malicious content in the environment (a web page, a document, a tool result) tries to override the agent's instructions or hijack its behaviour.

"The agent was tricked by prompt injection in a web page it browsed — the page contained hidden text instructing the agent to forward all emails to the attacker. Our output guardrail detected and blocked this."

Evaluation pipelines that test agent behaviour on a benchmark of tasks. Multi-step and non-deterministic — harder than single-response evals. Key metrics: pass rate, average steps per task, cost per task.

"We run agent evals on every deployment — the agent must complete at least 85% of the benchmark tasks correctly to pass CI."