TL;DR: A chatbot answers questions. An agent takes action using your tools and data - under rules, with logs, and approvals. Treat agents like junior teammates: give them a clear goal, limited permissions, and supervision. Start by automating one small, valuable slice with guardrails and a tight ROI loop.
What is an agent?
In plain English: an AI agent is software that can decide what to do next and do it using your systems - like a junior teammate with a checklist, API access, and a supervisor.
- The LLM provides reasoning and language.
- The agent wraps that reasoning with tools (APIs, databases, spreadsheets, email, ticketing, CLI), policies (permissions, approvals), and memory (context about your business).
- It works in a loop: plan → act → check → repeat, and pauses for humans when the step is risky or ambiguous.
Not all AI is an agent. “Chat with your data” is helpful. But until the system can call tools and complete a workflow - with logging and approvals - it isn’t an operational agent.
Chatbot vs. agent (quick comparison)
| Dimension | Chat with an LLM | Agent (LLM + tools) |
|---|---|---|
| Primary value | Answers questions | Takes action to complete tasks |
| Inputs | Prompts, documents | Prompts + systems, APIs, files, CLI |
| Outputs | Text, summaries | Tickets updated, emails sent, spreadsheets reconciled |
| Governance | Minimal | Permissions, audit trail, approvals |
| Best use | Research, drafting | Back‑office ops, data hops, repetitive workflows |
| Treat agents like supervised junior teammates: clear goals, limited permissions, logs, and approvals. | ||
How agents work (the 5 building blocks)
- Goal – What outcome are we driving? (e.g., “Reconcile August SaaS invoices.”)
- Tools – What can it use? (ERP API, Google Sheets, email, ticketing, S3, CLI.)
- Memory – What should it remember? (Vendors, GL codes, SLAs, business rules.)
- Policies – What are the guardrails? (Who it can contact, spend caps, PII rules.)
- Observability – What happened, when, and why? (Logs, approvals, rollbacks, metrics.)
The loop is simple: plan → use a tool → read the result → decide next step. When uncertainty or risk spikes, the agent triggers ask‑to‑act (human approval) before proceeding.
The main flavors of agents (with real‑world examples)
1) Chat assistants (LLMs in chat)
What: Conversational helper that searches knowledge and drafts content.
Used for: Sales emails, proposal drafts, policy summaries, SOPs, meeting notes.
Limit: Without tool access, it can’t update records or move a process forward.
2) Workflow agents (back‑office doers)
What: A “do the thing” agent that moves data between systems and finishes tasks.
Examples by function:
- Finance/AP: Pull invoices from vendor portals → match to PO/GL → flag exceptions → draft vendor emails → queue payments (approval required).
- Ops/HR: Create onboarding tickets in HRIS/IT → provision accounts → file a checklist in your PM tool → ping hiring manager for missing items.
- RevOps/Marketing: Clean a lead list → enrich via API → dedupe CRM → assign to reps with territory rules → create follow‑up tasks.
Signature move: Logs every step and asks for approval before irreversible changes.
3) Command‑line / DevOps agents
What: A supervised bot that runs safe, allow‑listed commands.
Examples: “Rotate credentials,” “tail logs,” “rollback the last deploy,” “open a GitHub issue with logs attached.”
Why it works: Easy to fence with allow‑lists, sandboxes, and time‑boxed tokens.
4) Inbox & triage agents
What: First‑pass responder that categorizes, drafts replies, and opens/updates tickets.
Examples: Support inbox triage, AP/AR inbox sorting, HR requests.
Human in the loop: Agents propose; humans approve and send.
5) Multi‑agent patterns (router + doer + checker)
What: A small team of agents where each has a role: one routes the request, one executes, one checks quality/compliance.
Use when: There are many task types, multiple systems of record, or required compliance steps.
Where agents shine - and where they don’t
Great fit
- Repetitive work with clear rules but variable context
- “Last‑mile” tasks that require reading, comparing, and updating across multiple systems
- Processes you tweak often (change is cheaper when you own the logic)
- Thin UIs and checklists for operators; the automation does the heavy lifting
Poor fit (or needs a narrow scope)
- Strategy and net‑new product decisions
- High‑stakes, irreversible actions without human approval
- Messy or disputed data with no single source of truth
- Rare, novel, or undefined work (start with a human‑led pilot and document)
Use cases by function (starter menu)
| Function | High‑value use case | Typical trigger | Tools used | Guardrail to start | KPI to track |
|---|---|---|---|---|---|
| Finance/AP | Invoice → PO/GL matching & exceptions | Monthly close window | ERP, email, Sheets | Read‑only first; approvals for emails/payments | Time to close; exception rate |
| Finance/AR | Cash application & dunning drafts | Payment posting daily | ERP, bank feed, email | Approval before send | DSO; % auto‑matched |
| RevOps | Lead hygiene & routing | New lead batch | CRM, enrichment API | Write only to sandbox first | Speed‑to‑lead; dupes removed |
| Sales | Proposal/SOW assembly | Stage change | CPQ, doc gen, e‑sign | Template allow‑list | Cycle time; redlines reduced |
| HR/IT | On/offboarding orchestration | Hire/termination event | HRIS, IDP, MDM | Role‑based provisioning plan | Time‑to‑productive; access errors |
| Support | Triage & knowledge suggestions | Ticket created | Helpdesk, KB | Suggested replies only | First‑response time; deflection |
| Legal | Intake & clause checks | Request submitted | Intake form, clause lib | Read‑only; checklist output | Review time; deviations caught |
| Procurement | Vendor risk review packet | New vendor request | GRC tool, web checks | Evidence attach only | Time to approve; completeness |
Personal workflow recipes (build literacy across the org)
These are 15‑minute wins that help every BA/analyst/manager learn to “think in agents”:
- Inbox triage with approvals: Label, draft replies, and create tickets - user hits send.
- Meeting prep pack: Pull agenda, last notes, open tasks, and relevant KPIs into one doc.
- Spreadsheet sanity check: Validate totals, spot anomalies, and write a short “what changed” summary.
- Policy Q&A with receipts: Answer policy questions and attach links to the authoritative source.
- RFP digest: Extract requirements, build a compliance matrix, and flag gaps for SMEs.
- Expense audit sampler: Spot likely duplicates or out‑of‑policy items and queue a reviewer task.
Why this matters: Literacy first. When the average BA can design and supervise a simple recipe, adoption accelerates and big projects carry less risk.
Capability building: from pilot to culture
What “good” looks like in 60–90 days
- Agent Champions Network: 1–2 champions per function run weekly office hours.
- Playbooks & Templates: 5–10 vetted recipes (e.g., “AP Exceptions,” “Sales Proposal Pack”).
- Guardrails Library: Reusable approvals (send, pay, delete), role‑based access, PII redaction rules.
- Tool Registry: An allow‑listed catalog of APIs/Connectors with test data and smoke tests.
- Agent Ops Dashboard: Volume, success rate, approvals, rollbacks, and time saved.
Our role: We don’t just build agents - we instill the capability. That includes team training, playbooks, an internal “Agent 101/201” curriculum, and co‑development so your BAs and operators can extend agents and own the backlog.
Safety, risk, and compliance (the essentials)
- Least privilege: Start read‑only; graduate to scoped writes.
- Ask‑to‑act: Human approval for sends, payments, deletions, or data writes across systems.
- Audit trail: Who/what/when/why with before/after states; exportable for audit.
- PII & secrets: Redact where possible, vault credentials, rotate time‑boxed tokens.
- Fail‑open design: If the agent is down, the team can still work manually.
- Testing: Sandbox with synthetic data; smoke tests per tool; change control for prompts/policies.
Architecture notes (keep it boring and governable)
- Hub‑and‑spoke: One Agent Gateway mediates tools/permissions; individual agents plug in.
- Allow‑listed tools: Central registry with scopes and logs.
- Human‑in‑the‑loop surfaces: Approvals in systems your team already uses (email, Slack, ticketing).
- Observability: Centralized logging with metrics and replay/rollback where feasible.
How to pilot an agent in two weeks
- Pick a tiny slice (30–90 minutes/day reclaimed), e.g., AP exception triage.
- Define success in numbers (time saved, error rate, cycle time).
- List tools (read‑only first) and name the approver for any writes/sends.
- Draft guardrails (who can it contact? spend caps? PII handling?).
- Prototype in the Room: In 1–5 days we co‑build a working slice with logs, approvals, and a path to production.
- Decide with data: TCO, migration plan, and a 30‑60‑90 rollout with training and ownership.
Ready to try it on a real workflow? Book a Prototype in the Room and bring a process. We’ll build the slice together and train your team.
Simple ROI math (example)
Assume AP exception handling consumes 10 hours/week at $60/hr fully loaded.
Pilot automates 60% with human approvals → 6 hours/week saved.
Annualized: 6 × 52 × $60 = $18,720 gross savings.
Add avoidance (late fees, reduced errors) and knock off your pilot cost to get net ROI.
Use this same math for cycle time and error‑rate improvements.
Want a structured calculator? See Build vs. Buy.
Quick FAQ
Will agents replace staff?
They replace busywork, not expertise. The best results pair agents with domain experts who set goals and guardrails.
Do we need data scientists?
No. You need a small cross‑functional team: a process owner, a system owner, and an engineer to connect tools safely.
How do we keep agents from “going rogue”?
Use allow‑listed tools, least‑privilege credentials, test data, and ask‑to‑act for risky steps. Log everything.
What about compliance?
Build audit from day one: log every action, redact PII, enforce data residency, and reuse your existing controls (SSO, RBAC, DLP).
How do we measure ROI?
Track time saved, error rate, cycle time, and cost avoidance (licenses, outages, vendor changes). Then run the Build vs. Buy math.
Jargon‑to‑plain‑English glossary
- LLM – The text‑reasoning engine (the “brain”).
- Tool call – Letting the agent use an API, database, spreadsheet, or CLI.
- Context window – How much text the model can read at once.
- Memory – Facts the agent keeps across steps (customers, SKUs, rules).
- Agent loop – Plan → act → check → repeat.
- Vector DB – A fast “similarity search” index for your documents.
- Ask‑to‑act – An approval step for risky actions (send/pay/delete/write).
- Agent Gateway – A central service that mediates tool access, policies, and logging.