jcardena.com Blog Why agentic AI breaks in production (and the demos never show it)
145 posts
EN ES

Why agentic AI breaks in production (and the demos never show it)

Juan Cardena discusses why LLM agents often fail in production, detailing hidden costs, latency spikes, and state management challenges. Learn how deterministic guardrails and hybrid architectures ens

After two decades building and maintaining complex enterprise systems, I've learned to be deeply skeptical of "magic trick" demos. LLM agents, despite their immense promise, often present this illusion. The vision of fully self-optimizing, adaptive systems is compelling, promising unprecedented efficiency. I've seen these demos, and I've built systems that aim for that autonomy. But the carefully curated demo reel never shows the subtle, insidious ways these systems break when faced with the raw, unpredictable chaos of real-world production traffic.

The transition from a proof-of-concept agent to a production-grade system capable of handling massive request volumes reveals a chasm of complexity. It's not just about scale; it’s about reliability, cost, and the sanity of the engineers on call. The failures aren't always spectacular crashes. Often, they're slow, silent degradations that erode trust and blow up budgets.

Why agentic AI breaks in production (and the demos never show it)

The Cost Curve Blow-Up You Didn't Predict

The first silent killer in an agentic system is often the cost curve. Every LLM call, every tool invocation, every retry for a failed step, adds up. In a deterministic system, you can model operational cost with high precision. You know exactly how many database queries, API calls, or compute cycles a request will consume. With agents, that calculation becomes probabilistic.

Imagine an agent fulfilling customer requests by searching documentation, generating summaries, and updating a CRM. In a demo, it takes three LLM calls and two tool calls. In production, a slightly ambiguous query might send it down a rabbit hole of redundant searches, hallucinated tool parameters, and repeated summarizations. Each misstep costs tokens and compute. I've observed these "loops of despair" turn what should be a profitable interaction into a financial drain, and a moderately busy system into a budget disaster. Without strict guardrails on agent "thought" tokens or maximum tool calls per interaction, costs spiral out of control. It’s not just the cost of the LLM itself; it’s the amplified cost of all downstream services it triggers unnecessarily.

Why agentic AI breaks in production (and the demos never show it)
User QueryAgent Reasons LLM1Tool Call SearchAgent Reasons LLM2Tool Call APIUpdateAgent Reasons LLM3 ErrorLoop ResearchesMisinterprets
Conceptual Agentic Failure Loop

Latency Spikes and the Illusion of Autonomy

Beyond cost, there's latency. User experience often dictates strict response time requirements. A human user expects an answer within seconds; an automated downstream system might time out in milliseconds. Agentic systems, by their very nature, introduce variability. Each LLM call has its own latency. Tool calls, especially external APIs, add more. Sequential reasoning, where one LLM thought informs the next, compounds this. A chain of three LLM calls and two tool calls might take 500ms in a perfect world, but spike to several seconds if any step hits an upstream bottleneck or requires a retry.

This variability isn't just an inconvenience; it breaks integrations. Dependent systems that expect a predictable response time will choke. Users will abandon slow interfaces. Attempts to optimize often involve caching or parallel execution, but these negate the very "autonomy" of the agent to decide its next step dynamically. You're effectively injecting deterministic behavior back into a probabilistic system, often with complex, brittle results. As Lilian Weng articulated in her seminal "LLM Agents: An Introduction" on the OpenAI Research Blog, the iterative and adaptive nature of agents introduces unique challenges in managing execution and state, particularly in complex, multi-step tasks.

State Management and Observability: The Unseen Iceberg

Deterministic automation excels at state management. Each step has a clear input, output, and predictable side effect. Error handling routes are well-defined. Agentic systems, with their iterative reasoning and tool usage, create a complex, often non-linear execution path. This makes state management incredibly difficult. What happens if an agent partially updates a record, then fails on the next step? Is the transaction rolled back? Does the agent retry from scratch or from the last known good state?

Observability, a cornerstone of production systems, also becomes a nightmare. Tracing the "thought process" of an agent is crucial for debugging, but LLM interactions are opaque. You get the prompt and the completion, but the internal reasoning is a black box. I’ve learned that granular logging of every LLM interaction – prompt, completion, tool inputs, outputs – is the only reliable way to reconstruct an agent's 'why' and debug effectively. This verbose logging itself introduces overhead and storage costs, and even then, reconstructing a "why" from raw data is a significant engineering challenge. Traditional logs and metrics often fall short, leaving engineers staring at a high-level agent failure without insights into the root cause.

When Determinism Wins: Guardrails and Fallbacks

From my experience, the most robust agentic systems integrate traditional software engineering's boring patterns as essential safety nets. The "boring patterns" aren't replaced; they are reinforced. Here's where determinism reasserts its value:

  • Strict Limits: Enforce maximum LLM tokens per turn and total tool calls per request. If an agent hits these limits, it should fail gracefully or escalate, rather than spiraling.
  • Tool Validation: Every tool call initiated by an agent should pass through a rigorous validation layer. Don't trust the LLM to generate perfectly formatted or semantically correct parameters. Schemas and defensive programming are non-negotiable.
  • Idempotent Operations: Design all tools and APIs to be idempotent where possible. If an agent retries an operation due to uncertainty, you don't want duplicate side effects.
  • Human-in-the-Loop: For critical or high-cost operations, build clear escalation paths. If an agent cannot confidently resolve a task, it should hand off to a human, or trigger a well-defined deterministic fallback workflow.
  • Deterministic Fallbacks: Identify core tasks that an agent *might* do but which have well-understood, predictable solutions. If the agent struggles or costs too much, pivot to a simpler, deterministic automation.

Think of agents as powerful but occasionally reckless junior engineers. You give them a task, but you surround them with senior engineers (deterministic guardrails) who check their work, provide strict guidelines, and step in when things go off the rails. Their autonomy is bounded by the need for production stability.

Patterns That Survive 3 AM

The systems that hold up at 3 AM, when a critical incident strikes, are rarely the most cutting-edge or complex. They are the ones with transparent state, clear error paths, and predictable behavior. For agentic systems, this means:

  • Layered Architecture: Segregate probabilistic agent logic from deterministic tool execution and data persistence layers.
  • Clear Boundaries: Define strict interfaces between the agent and its tools. Treat agent output as untrusted input that must be validated.
  • Asynchronous Processing: Offload long-running agentic tasks to asynchronous queues. This prevents direct user-facing latency issues and allows for robust retries and error handling.
  • Cost Monitoring & Alerts: Implement aggressive, real-time cost monitoring with alerts. Catch agent "loops of despair" before they deplete the budget.
  • Detailed Event Logging: Log *every* significant step of the agent's execution, including LLM prompts, completions, tool inputs, and tool outputs. This is your only path to debugging.

The future of AI architecture is not a wholesale replacement of traditional software with agents. It's a careful, pragmatic integration. It's about leveraging the incredible generative and reasoning power of LLMs where it truly adds value—often in the "fuzzy front end" of understanding and planning—while relying on the time-tested, boring patterns of deterministic automation for execution, reliability, and cost control. Don't just build the demo; build the system that you'd be comfortable operating at 3 AM.

INPUTSUser RequestsEvent StreamsExternal DataPROCESSING CORERequest ValidatorLLM Agent CoreTool ParameterValidatorDeterministicToolsState ManagementCost MonitoringOUTPUTSAPI EndpointsReportingDashboardsHuman Escalation
Hybrid Agentic Architecture with Guardrails

Concrete Takeaways

  • Embrace Hybrid Architecture: Purely autonomous agents are a production risk. Blend LLM reasoning with deterministic code.
  • Budget & Latency are Real: Actively monitor and enforce limits on LLM calls and tool execution to manage costs and maintain performance.
  • Validate Everything: Treat agent outputs as untrusted input. Use strict schemas and validation for all tool interactions.
  • Build for Observability: Comprehensive logging of agent steps, prompts, and completions is essential for debugging.
  • Plan for Failure: Design graceful degradation, human-in-the-loop interventions, and deterministic fallbacks for when agents inevitably stumble.
JC
Juan Cardena
Enterprise Architect, Data & AI

Enterprise architect with 25 years across web, software, data, and AI. MIT CDAO ’25. Writing on agentic AI in production.