Trade notes
AI lab
01Agentic AI· 7 min read

Agentic AI: from demo to delegated work

What people actually mean by 'agentic AI' in 2026, why the demo-to-production gap is wider than the keynotes admit, and what the early shipping pattern looks like.

The phrase agentic AI got stretched in 2025 to cover anything from a slightly-better chatbot to a fully autonomous trading desk. By 2026 the industry has settled on a tighter definition: a system where a model decides what to do next, calls tools to do it, and loops on the results until a goal is met or an exit condition fires. The marketing slide says "help me do" instead of "help me write." The engineering reality is that you're now responsible for the consequences of every loop.

That responsibility is the actual story.

The state of play, briefly

Two numbers worth keeping in your head:

  • Gartner projects that by the end of 2026, over 40% of enterprise applications will embed role-specific AI agents.
  • The same research firm reports only 17% of organizations have actually deployed agents to production. More than 60% expect to within two years.

The gap between those numbers, interest versus shipped, is where most of the interesting work is happening. McKinsey reports that high-performing organizations are three times more likely to scale agents past pilot than their peers. The differentiator isn't model choice. It's whether the team built the unglamorous scaffolding underneath.

What "agentic" actually means in code

Strip the marketing and an agent is a loop with four moving parts:

  1. A goal, expressed in natural language or a structured task.
  2. A model that decides the next action.
  3. Tools the model can call: APIs, file reads, code execution, search, other agents.
  4. A stop condition: task complete, budget exceeded, user interrupt, or guardrail trip.

That's it. The cleverness is in how those parts are arranged: how much context the model gets, what tools it can reach, how failures bubble, and how you keep it from doing something irreversible at 3 a.m.

Anthropic's reframing of building agents with the Claude Agent SDK puts it bluntly. Most "agent frameworks" in the wild are abstractions over a while loop, and the abstractions often hide the things you most need to see. The right primitive is usually a small loop you can read end-to-end on one screen.

The early shipping pattern

Look at the agent deployments that have actually crossed the production line in the last six months and a pattern emerges. They share four traits:

  • Narrow scope. A single workflow, not a single assistant. Sales proposal generation. Tier-1 support triage. Procurement reconciliation. Claims first-pass review.
  • Bounded autonomy. The agent finishes a draft. A human approves before anything external happens (sends, files, pays, deploys).
  • Hard inputs, soft outputs. Inputs are structured (a ticket, a PDF, a row). Outputs are reviewed before they touch a system of record.
  • Aggressive observability. Every loop, every tool call, every prompt, every output, logged and queryable. Without this the agent is a black box and nobody trusts it past pilot.

Fujitsu's sales-proposal agent is the canonical case study right now: specialized agents for data analysis, market research, and document creation, all routed through an orchestrator. They report a 67% reduction in production time. Notice what's not in that summary. They didn't replace the salesperson. They compressed the assembly step.

That's the shape of agentic AI that's actually working. The headline-friendly "AI replaces the team" version is mostly still demo-ware.

Where the leaks are

If you're going to bet on agents, the failure modes you should care about are not the famous ones. They are:

  • Context drift. The agent's understanding of "what we're doing" deteriorates over a long horizon. The 12th tool call has nothing to do with the original goal.
  • Tool selection collapse. Given five tools that overlap, the model picks the wrong one consistently for a particular input class. You only notice in aggregate.
  • Silent partial success. The loop returns "done" while skipping a step that nobody verified. This is the one that bites in production.
  • Cost blowups. A poorly-bounded loop runs 200 model calls instead of 20. Multiply by users.
  • Permission bleed. An agent inherits a user's permissions and accidentally exposes data the user could see but normally wouldn't reach for.

None of these are model problems. They're system-design problems. The teams that ship are the teams that treat them that way.

In your M365 environment

If you sit where I sit, modern workplace and identity-led, agentic AI lands in three concrete places:

  • Inside Microsoft 365 Copilot. Agent Mode and Copilot Cowork are doing the multi-step work natively. Built on Work IQ (the next brief), grounded in the user's graph, governed by existing sensitivity labels and Conditional Access. This is the lowest-effort starting point. The governance is already done.
  • Custom agents in Copilot Studio. Low-code, runs on your tenant, can call Power Platform connectors and your APIs. The cost is that what feels like a workflow is actually an agent, with all the failure modes above.
  • Code-first agents. Anthropic's Agent SDK, OpenAI Assistants, custom orchestration. Higher ceiling, higher floor of operational maturity required. You own the loop, the logs, the budget.

For most enterprises in 2026, the right play isn't build an agent platform. It's pick one workflow with a clear ROI, ship a bounded agent against it, instrument it to the bone, and graduate from "it works" to "we trust it" through evidence, not vibes.

The rest of these briefs are about the shape of that scaffolding.

Sources: Gartner Hype Cycle for Agentic AI 2026 · McKinsey: State of AI Trust 2026 · Azure Agent Factory · Anthropic: Building agents with the Claude Agent SDK · Vellum: Agentic workflows guide 2026