Demystifying AI Agents for non-technical leaders in 3 parts

"AI Agents": One of the most used terms in AI in 2026. Every platform, every vendor update seems to feature new agent capabilities. They're getting easier to build, easier to deploy, and easier for anyone in your organisation to start using, with or without your knowledge. And some are incredibly capable. But they bring with them a set of risks far beyond what we see with existing chatbot platforms, which need leadership focus now.
Recently, I downloaded Claude Cowork. It required no technical skill (and Claude talked me through every step). It is exceptional in its capability, able to use a multitude of tools to actually accomplish tasks in ways that previous Language Models have fallen short:
Clients are already asking us to help their teams integrate it into their AI capabilities.
But I could've plugged Cowork into my Inbox, Chrome, Drive, file structure and many other 'Connectors' that can be switched on with one click. Anthropic is clear, though, about the limitations and considerations when working with Cowork: "the risk of prompt injection attacks is non-zero. Users should avoid granting access to files with sensitive information".
This is just one window into the increasingly accessible and potentially wild-west world of AI Agents. AI agents can be incredibly powerful. How we manage their safe integration will be the biggest AI-related test for leaders yet.
This first post aims to establish enough shared, practical language to enable leaders across sectors to identify and categorise AI agents that they come across, in order to have a useful conversation about what needs governing, and how.
"an automated entity that perceives its environment and takes actions to achieve its goals" is how ISO/IEC 22989 describes an AI agent. It's a useful starting point, but quite broad — which is why a set of practical characteristics helps us understand the range of different agents out there.
AI tools that act autonomously
The most significant characteristic is that an agent has some degree of autonomy. It either:
Its level of autonomy is one factor in assessing the level of risk an AI Agent brings.
AI that uses tools and systems
In most cases, an agent uses (and is therefore connected to) tools and systems. Put simply, 'tools' can be things like: your email; a database; a CRM; the web; a codebase. These connections to 'tools' are what give an agent its capabilities.
The choices people make about which systems to connect, and what level of access to grant, are another factor that has a direct bearing on the level of risk an agent carries.
AI that makes choices about how to approach a task
Some agents go beyond following a set sequence of steps. They assess a situation and decide how to respond — which tool to use, what order to do things in, how to handle something unexpected. Often with little or no human oversight. Some can also retain information (memory) from previous interactions, building up context over time that shapes how they approach future tasks.
The level of human oversight we have over the decisions that an Agent makes is a third factor in determining risk.
The characteristics above describe what agents can do. In practice, leaders are more likely to encounter them in three forms, which carry very different governance implications.
Customised AI models (sometimes called "agents", not always necessarily "agents")
Shows up as: Something built by one of your staff in Copilot, that is called an 'Agent'
Many of the things currently being labelled as "agents" are not necessarily 'agentic'. A Copilot Agent, in its simplest form, is a chatbot with custom instructions and access to a set of documents. Someone has configured it to respond in a particular way, perhaps for a specific audience or topic. Potentially very useful, but not really an 'Agent', and as a result, significantly lower risk.
Copilot Studio can be used to build tools with genuine agentic capability. The difficulty is that "agent" is being used to describe both a chatbot pointed at some documents and a tool that autonomously acts on live systems. In reality, one needs to be governed quite differently to the other.
Purpose-built single-task Agents
Shows up as: A capability that you decide to procure as a ready-made solution.
These are products or solutions designed for a specific job. They act, they use tools, they make decisions - but within defined boundaries, doing one thing well.
Examples are emerging across sectors. Salesforce's Agentforce handles customer service enquiries and sales follow-ups. ServiceNow's AI agents resolve IT support tickets end-to-end. In healthcare, tools like Corti process claims documentation.
They arrive as defined products with a defined purpose. There is a decision point when they're adopted - someone chose to procure them, and that's a moment when questions about risk, data access and oversight can be asked through existing governance processes.
General-purpose agents
Shows up as: an update to one of the leading AI models that you might already have in your organisation, or something a staff member can download.
This is the most rapidly evolving category, and where Claude's Cowork falls. A general-purpose agent is capable of a wide range of actions depending on how someone configures, connects or instructs it.
The major platforms are now embedding agent capabilities directly into tools people already use. Microsoft's Copilot agents can be configured to monitor inboxes, respond to events, and carry out multi-step processes across M365 applications. Google's Workspace Studio allows people to build agents that monitor inboxes, extract information, and take action — all described in natural language.
The experience here is quite different from a purpose-built agent. Rather than procuring a solution, someone in your organisation uses an AI model already in your 'stack' (or downloads their own), gives it a goal, provides access to tools and sets it free.
These categories aren't neat
A general-purpose agent, once configured for a specific recurring task, starts to look a lot like a purpose-built one, except it probably didn't go through procurement. And increasingly, agents are being set up to work alongside other agents, one handing tasks to another, creating chains of action where oversight becomes even harder.
Suddenly, general-purpose agents are incredibly capable. Able to take on tasks end-to-end, producing much better outputs than chatbots. Genuinely changing the way that work gets done.
But unless we're clear what tools and connections these Agents can work with, organisations risk exposing themselves to a wide range of issues.
What drives that difference is a set of practical factors: how much autonomy the tool has been given, what data it can access, what systems it can change, how critical the use case is, and how many people are using it.
Leaders need to engage with this now. Not every AI agent is high-risk, but without a shared understanding of what we're talking about, it's very difficult to make proportionate decisions about which ones are.
In the next post, I'll set out a practical framework for understanding these risk factors. If you want to make sure you don't miss it, sign up for our newsletter.
In the meantime, I'd welcome the challenge: does this way of describing AI agents make sense? What would you change? What's missing? If we're going to govern these tools well, we need language that works across sectors and levels of technical confidence. I'd rather build that collaboratively than in isolation.
--
At AIConfident we help leaders foresee and manage a range of implications relating to AI technologies. The place where we really excel is in boardrooms and with leadership teams, helping you to identify the implications that mean the most for your organisation and setting out plans, strategies and governance that enable you to be on the front foot as this change unfolds.
We're not here to sell you any AI product, or even to tell you that you need to be using AI technologies all the time. Just to support you every step of the way as you make confident decisions about how to adopt, and adapt to, AI technologies.
--
Image Credit: Jamillah Knowles & Digit / https://betterimagesofai.org / https://creativecommons.org/licenses/by/4.0/