“Agent” is the most overused word in AI marketing right now. For boards, the practical difference is simple: a chatbot talks; an agent can act. The moment an AI system is allowed to trigger workflows, call APIs, write tickets, change configurations, or contact customers—your risk model changes.
Chatbot vs Workflow vs Agent (A Clean Separation)
Chatbot
- Does: answers, drafts, summarizes
- Doesn’t: execute actions in external systems
- Primary risks: misinformation, leakage, reputational content errors
Workflow automation
- Does: follows deterministic steps you defined
- Primary risks: classic automation errors and access control mistakes
Agentic AI (agent)
- Does: plans multi-step work and uses tools (email, web, ticketing, databases, code)
- Primary risks: excessive agency, over-privilege, prompt injection, unpredictable tool use, action loops
OWASP explicitly calls out “Excessive Agency” as a major risk category for LLM applications (OWASP LLM Top 10 2025).
Why Agents Are Attractive (and Why They Fail)
Agents are attractive because they can:
- reduce coordination costs (fewer handoffs)
- do “glue work” across tools
- operate continuously and at speed
They fail when:
- they are given broad access “for convenience”
- tool results are not validated
- the system can’t be interrupted safely
- logs are insufficient to reconstruct actions
The Board-Relevant Control Set for Agents
If management wants agentic systems, ask for these controls up front:
1) Least privilege by design
- narrow scopes per tool
- time-bound credentials
- deny-by-default on sensitive actions
2) Human approval on critical actions
Examples: customer communications, payments, policy changes, production changes, legal commitments.
3) “Stop button” and bounded execution
- kill switch
- maximum steps/time/cost per run
- safe failure modes (what happens on uncertainty?)
4) Monitoring and auditability
- tool invocation logs
- anomaly detection on unusual action patterns
- incident response runbooks that include agent actions
The UK NCSC’s 2026 guidance on careful adoption of agentic AI services emphasizes starting small, using low-risk tasks first, and applying established cyber security controls (least privilege, limiting scope, temporary credentials, monitoring, and incident planning) (NCSC guidance).
When Agents Are Appropriate (and When They’re Overkill)
Agents can be appropriate when:
- tasks are repetitive and low-impact
- the environment is constrained (limited toolset, limited permissions)
- outcomes can be verified cheaply
Agents are usually overkill when:
- a deterministic workflow would do
- the system touches high-consequence decisions without clear verification
- the organization cannot monitor or respond to incidents quickly
A Board-Level Question That Cuts Through the Hype
Ask management:
“If this agent makes one wrong action, what is the worst credible outcome—and what control prevents it?”
If the answer is vague, the agent is not ready.
If you want to understand agents deeply—and govern them safely—my board courses cover AI agents, risks, and governance frameworks. I also advise boards and executives designing secure agent deployments. Contact me.
Relevant Sources
- Thinking carefully before adopting agentic AI — UK NCSC — https://www.ncsc.gov.uk/blogs/thinking-carefully-before-adopting-agentic-ai
- OWASP Top 10 for LLM Applications 2025 — OWASP — https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/
- AI Risk Management Framework (overview) — NIST — https://www.nist.gov/itl/ai-risk-management-framework
- Generative AI Profile (NIST AI 600-1) — NIST — https://www.nist.gov/publications/artificial-intelligence-risk-management-framework-generative-artificial-intelligence
- ISO/IEC 42001 explained (AI management systems) — ISO — https://www.iso.org/cms/%20render/live/en/sites/isoorg/home/insights-news/resources/iso-42001-explained-what-it-is.html
