Essay
Essay
Why 80% of Enterprise AI Agents Never Reach Production
Most enterprise AI agents do not fail in interesting ways. They fail in the same six ways, over and over, in companies that have never spoken to each other. The architectural fixes are well understood. The reason the failures persist is that the projects are scoped to demo well, not to ship.
Here are the six failure modes, drawn from our own engagements across BFSI, manufacturing, and logistics over the last eighteen months — and the design choices that prevent each.
1. The eval suite was the demo
The agent gets built, gets demoed, gets approved, and then someone asks: how do we know it still works tomorrow? The team realises the evaluation is the same five prompts the engineer used while building it. There is no regression suite. There is no adversarial probe. There is no drift monitor. The agent goes to production blind and stays there until it fails publicly.
Fix. Write the eval harness before the agent. Golden tasks, adversarial probes, drift detectors on input distributions, regression suites in CI. The harness is a deliverable; the agent is an artifact of it.
2. The retrieval layer is undefended
Most enterprise agents are RAG agents in disguise. The model is asked to ground its answer in retrieved context — and the retrieval layer was built as an afterthought. Recall is mediocre. Citations are missing. The agent confidently grounds responses in the wrong chunk and nobody notices until a customer points it out.
Fix. Treat retrieval as the product. Hybrid sparse plus dense, reranking, metadata filters, citation enforcement at the output layer. Evaluate retrieval independently of generation — recall@k, MRR, faithfulness — and refuse to ship until the numbers are real.
3. Tool calls are unbounded
The agent is given five tools — query the warehouse, send an email, file a ticket, post to Slack, update the CRM. Nobody set rate limits. Nobody set authorisation scope per tool. Nobody planned for what happens when the model decides to loop. The first incident comes from a runaway loop that opened 400 tickets in a minute.
Fix. Every tool gets a rate limit, a per-invocation cost ceiling, an authorisation scope tied to the calling user, and an emergency stop. Treat tool calls as you would treat a junior employee with API keys — bounded, observed, revocable.
4. The policy layer is in the prompt
The system prompt says “do not give legal advice.” The model gives legal advice anyway. Surprise.
System prompts are not a policy layer. They are an aspiration. Anything that must not happen has to be enforced in code — at the input filter, at the output guardrail, or at the gateway. Anything left to the model’s good behaviour will eventually be violated, usually adversarially.
Fix. A real policy layer between the model and the user. Input classifiers, output guardrails, structured-output schemas that the response must conform to, DLP at the egress. The system prompt is a hint to the model. The policy layer is the contract with the regulator.
5. Cost is discovered post-launch
The pilot ran for two weeks on a hundred users. The CFO approved it. The agent went to ten thousand users. The bill landed. Now there is a Slack channel called #ai-cost-incident and the agent is in front of an architectural review board explaining itself.
Fix. Cost engineering during the pilot, not after launch. Token caps per session, model-tier routing (cheap models for cheap turns), caching at the prompt and response layers, structured outputs to reduce token consumption, and a real-time cost dashboard that the engineering team owns. Per-task unit economics is a release criterion.
6. Nobody owns operations
The agent ships. The build team rolls off. The platform team did not staff for it. The first 3 a.m. page goes unanswered. The agent is paused. The agent stays paused. The agent gets quietly deprecated.
Fix. No agent goes to production without an SLO, a runbook, an on-call rotation, and a named team. The engineering team that builds the agent does not get to leave until the operating team is trained and the on-call hand-over is signed off. Operations is the deliverable; the agent is the artifact.
What it looks like when it works
A production agent in a regulated environment looks boring. There is a registry it appears in. There is an eval suite that runs in CI on every change. There is a policy layer it routes through. There is a cost dashboard that someone watches. There is a runbook. There is an on-call. There is an audit log that the compliance team can query without engineering’s help.
It looks boring because it works. The interesting agents — the ones that get written up in blog posts about how amazing they are — are mostly the ones that have not failed in public yet.
The 20% that reach production look like infrastructure. The 80% that do not look like demos.
More Insights
- DPDP Act and Generative AI: What Indian Enterprises Must Implement
- The Compliance Surface of Production AI
- Cutting Loan-Underwriting Cycle Time 70% at an Indian NBFC
- When BM25 Beats Your Embedding Model: Hybrid Retrieval in the Wild