AI Agents in Action Foundations for Evaluation and Governance 2025

Evolving technical foundations of AI agents1 The architecture, protocols and security models of AI agents dictate how they integrate into organizations and interact with the world. While the core architecture of AI agents is beginning to take shape, practices for agent deployment, integration and governance remain nascent. As organizations begin to “hire” AI agents to support or augment human teams, or perform tasks that impact the physical world, adoption should be treated with the same level of rigour as onboarding a new employee, including clearly defined roles, safeguards and structured oversight mechanisms. This section outlines the technical foundations that enable agentic systems and the architecture decisions that shape how they are built, deployed and governed. 1.1 The software architecture of an AI agent The adoption of LLM-based agents by industry marks a broader shift in software development from rigid, rules-based systems to more flexible, intent- driven interactions. For instance, in call centres, early chatbots that followed scripted decision trees are now giving way to agentic systems capable of understanding intent, managing context, and escalating decisions more dynamically. This evolution towards agentic AI represents a fundamental change in control and autonomy, where tasks traditionally performed by humans are delegated to machines. To enable this shift, AI agents draw on four technological paradigms: –Classical software: deterministic logic and rule- based execution –Neural networks: pattern recognition and statistical learning –Foundation models: general-purpose, adaptive systems that interpret instructions and act contextually –Autonomous control: mechanisms that enable systems to plan, coordinate and act with minimal human oversight As a result, building agents requires not just engineering but also orchestration and coordination between models, tools, data sources and humans. This layered setup introduces new complexity in how agents behave, generalize and interact with their environment, reinforcing the need for structured scaffolding. Today, AI agent architectures are organized into three interconnected layers, consisting of application, orchestration and reasoning, which collectively enable intelligent, context- aware and business-aligned automation. At a high level, agent architectures are designed to interface with users and systems, coordinate complex tasks using external tools and application programming interfaces (APIs), and support decision-making through a combination of language models, reasoning modules and control logic. Together, these layers provide the technical foundation that underpins how agents operate. The application layer, along with protocols such as Model Context Protocol (MCP) and agent-to- agent protocol (A2A), integrates the agent into specific processes or user workflows. It receives input through user interfaces or APIs and translates it into structured signals. Application logic applies domain- specific rules and constraints to ensure the agent’s output (i.e. forecast, decisions, actions, messages, etc.) is aligned with user expectations and business requirements. This layer can run in the cloud or on- prem in edge computing equipment. Building agents requires not just engineering but also orchestration and coordination between models, tools, data sources and humans. AI Agents in Action: Foundations for Evaluation and Governance 7