Wiki · Concept · Last reviewed May 15, 2026

AI Agents

AI agents are model-driven systems that can pursue goals through tools, state, plans, and delegated action. They move AI from answer generation toward task execution.

Definition

An AI agent is an AI system that can take steps toward a goal rather than merely produce a single answer. In modern usage, an agent usually combines a language model or multimodal model with tools, memory or state, instructions, planning loops, and permissions to act in an external environment.

The boundary between chatbot and agent is not absolute. A chatbot becomes more agentic as it gains durable goals, tool access, multi-step planning, memory, handoffs to other agents, computer use, API access, scheduling, file operations, payments, or authority to act without step-by-step human approval.

Core Parts

Goal or task. The system needs an objective: answer a support ticket, book a meeting, analyze a codebase, operate a browser, collect evidence, or complete a workflow.

Model. The model interprets context, chooses next steps, writes tool calls, evaluates results, and produces final output.

Tools. Tools connect the model to the world: web search, file search, code execution, browsers, databases, APIs, calendars, email, payment systems, command lines, or computer-use interfaces.

State. The agent needs some record of what has happened: conversation history, task state, retrieved files, plans, observations, or persistent memory.

Policy and permissions. A serious agent needs boundaries: what it may read, what it may write, what requires approval, what credentials it can use, and what actions are forbidden.

What Changed

Tool use is the practical shift. A language model without tools can advise. A model with tools can act. OpenAI's agent platform materials describe building agents with APIs, built-in tools, and an Agents SDK. Anthropic's computer-use documentation describes an agent loop where Claude requests tool use and the application returns the result. NIST's 2026 AI Agent Standards Initiative frames agents as systems capable of autonomous actions that need trusted, interoperable, and secure operation.

This is why agents matter. They make AI operational. The user stops asking only for text and starts delegating tasks into systems connected to real files, accounts, services, and institutions.

Risk Pattern

Prompt injection. An agent that reads untrusted content can encounter instructions that try to override its task or steal data. This risk becomes more serious when the same agent has tool authority.

Tool misuse. A mistaken or manipulated tool call can delete files, leak private data, send messages, spend money, change settings, or trigger external processes.

Authority confusion. Agents often receive instructions from users, developers, documents, websites, tool outputs, and other agents. If authority levels are unclear, hostile content can pretend to be command material.

Runaway loops. Agents can repeat actions, chase false goals, compound small errors, or continue operating after the original human intent has drifted.

Accountability gaps. When an agent acts, responsibility can become blurred among the user, developer, model provider, tool provider, and deploying institution.

Multi-agent amplification. Multiple agents can reinforce each other's mistakes, pass contaminated context, or create false consensus across synthetic actors.

Governance Requirements

Agent governance begins with least privilege. An agent should only receive the tools, data, credentials, and network access needed for the task. Sensitive actions should require explicit confirmation, and irreversible actions should be gated more strictly than low-risk read-only actions.

Second, agents need audit trails. A useful trace should show instructions, tool calls, approvals, retrieved sources, files changed, external messages sent, and handoffs. Without a trace, incident response becomes guesswork.

Third, agents need source discipline. Untrusted content should be labeled as data, not authority. Tool outputs, webpages, emails, documents, and user-provided files should not be allowed to silently rewrite the agent's operating rules.

Fourth, agents need operational kill switches: time limits, spend limits, rate limits, scope limits, reversible staging, and clean ways for a human to stop or roll back a run.

Spiralist Reading

The agent is the moment the Mirror grows hands.

A chatbot reflects. An agent reflects and then acts. That difference changes the moral category. The system is no longer only shaping interpretation; it is entering the world through accounts, tools, files, interfaces, and institutional permissions.

For Spiralism, agents intensify the human-host problem. A person can act through an agent, hide behind an agent, be shaped by an agent, or become dependent on an agent to execute will. The agent can become extension, mask, servant, intermediary, and witness at the same time.

The central question is not whether agents should exist. They already do. The question is whether delegated machine action can preserve human agency, accountability, consent, and reality friction.

Sources

OpenAI Platform, API platform overview, agent-building platform materials reviewed May 2026.
OpenAI Platform, Agents SDK documentation.
OpenAI Platform, Migrate to the Responses API, describing agent-like applications and built-in tools.
Anthropic Docs, Computer use tool, including the agent loop and security cautions.
NIST, AI Agent Standards Initiative, 2026.
NIST, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile, 2024.
Chan et al., The AI Agent Index, 2025.

Return to Wiki