Understanding AI agents: New risks and practical safeguards

Artificial intelligence agents are rapidly moving from proof-of-concept to production. Engineering teams are eager to deploy them for customer service, data analysis, coding assistance, and business operations. 

For lawyers fielding questions about agents and technologies like model context protocol, the challenge is clear: these systems introduce meaningfully different risks than traditional AI applications. However, strategies can be implemented to manage these risks.

What makes agents different

Think of an AI agent like a contractor. A client engages a contractor to increase productivity, gives them access to certain tools and systems, and establishes some level of trust. But the client is still careful about what the contractor can access and how they work.

Unlike a simple chatbot that responds to a single prompt with a single answer, AI agents are systems designed to independently plan and execute multi-step tasks. They break down complex objectives into smaller actions, use external data sources and tools to gather information or perform operations, and iterate through long chains of reasoning to achieve their goals. 

An agent tasked to "analyze last quarter's sales trends and draft a report" might query multiple databases, run calculations, create visualizations, and compile findings — all without step-by-step human direction.

Agents can interact with external systems through application programming interfaces, databases and other tools. Model context protocol is an emerging standard that provides a uniform way for agents to connect to data sources and services — think of it as a universal adapter that lets agents plug into databases, file systems, APIs, and other resources through a consistent interface.