CtrlK
An AI agent (also called an intelligent agent) is a software system that perceives its environment through sensors, reasons about its observations, and takes autonomous actions through actuators to achieve specific goals. The concept originates from classical artificial intelligence research but has taken on new significance in the era of large language models (LLMs), where agents combine the reasoning abilities of foundation models with tool use, planning, and memory to carry out complex, multi-step tasks with minimal human oversight.
The term "agent" has been a foundational concept in AI since the field's earliest days. In the most widely used textbook definition, Stuart Russell and Peter Norvig describe an agent as "anything that can be viewed as perceiving its environment through sensors and acting upon that environment through actuators." Their textbook, Artificial Intelligence: A Modern Approach (1995), frames the entire study of AI as "the study and design of rational agents," where a rational agent is "one that acts so as to achieve the best outcome or, when there is uncertainty, the best expected outcome."
In practice, AI agents range from simple thermostat-like systems that follow fixed rules all the way to sophisticated LLM-powered autonomous systems that can browse the web, write and execute code, manage files, and interact with external APIs. The rise of agentic AI has become one of the most consequential trends in the AI industry, with the global AI agents market estimated at $7.63 billion in 2025 and projected to grow at a compound annual growth rate of roughly 44% to 50% through the early 2030s.
The idea of intelligent agents has evolved through several distinct eras, each building on the capabilities and limitations of the previous one.
The foundations of agent-based AI trace back to the earliest days of the field. Alan Turing's 1950 paper "Computing Machinery and Intelligence" proposed the Turing test as a way to evaluate whether a machine could exhibit intelligent behavior. The 1956 Dartmouth Conference, organized by John McCarthy, Marvin Minsky, Nathaniel Rochester, and Claude Shannon, formally established AI as a research discipline.
Early systems demonstrated rudimentary agent-like behavior within constrained environments. ELIZA (1966), created by Joseph Weizenbaum at MIT, used pattern matching to simulate a Rogerian psychotherapist and became the world's first chatbot. SHRDLU (1970), developed by Terry Winograd at MIT, could understand natural language commands and manipulate objects in a simulated "blocks world," acting as an agent within a microworld. STRIPS (Stanford Research Institute Problem Solver, 1971) introduced formal planning capabilities, allowing an agent to reason about actions and their effects to achieve goals.
The expert systems era produced agents that encoded human domain expertise into rule-based reasoning systems. MYCIN (1976), developed at Stanford University, diagnosed bacterial infections and recommended antibiotics by applying roughly 600 production rules. DENDRAL, also from Stanford, helped chemists determine molecular structures. These systems operated within narrow domains but demonstrated that AI agents could perform useful work when given sufficient knowledge.
During this period, researchers also formalized agent theory. Michael Wooldridge and Nicholas Jennings published influential work in the 1990s on the properties of intelligent agents, identifying key characteristics such as autonomy, reactivity, proactiveness, and social ability.
The shift from hand-coded rules to data-driven learning transformed what agents could accomplish. Reinforcement learning (RL) provided a mathematical framework for agents that learn through trial and error, with Q-learning and later deep reinforcement learning enabling agents to master complex tasks. IBM's Deep Blue defeated chess world champion Garry Kasparov in 1997, and Google DeepMind's AlphaGo defeated Go champion Lee Sedol in 2016, both showcasing agent-based systems operating in competitive environments.
The 2010s saw the emergence of virtual assistants such as Apple's Siri (2011), Amazon's Alexa (2014), and Google Assistant (2016). While these systems could carry out simple voice-driven tasks, they relied heavily on predefined intents and lacked the ability to reason through multi-step problems or use arbitrary tools.
The modern era of AI agents began with the convergence of two developments: the scaling of large language models to the point where they could perform general-purpose reasoning, and the introduction of techniques that allowed these models to take actions in the real world.
The publication of the ReAct paper (Yao et al., October 2022) was a pivotal moment. ReAct demonstrated that LLMs could interleave reasoning traces with actions, allowing them to plan, execute, observe results, and revise their plans. This "Reason + Act" loop became the foundational architecture for LLM-based agents.
In February 2023, Meta AI published the Toolformer paper (Schick et al.), showing that language models could teach themselves to use external tools such as search engines, calculators, and translation systems via API calls. This work established that tool use did not need to be hand-programmed; models could learn when and how to invoke tools to improve their own outputs.
The release of AutoGPT in March 2023 by Toran Bruce Richards brought autonomous LLM agents to mainstream attention. AutoGPT used GPT-4 to pursue user-defined goals by autonomously breaking them into subtasks, browsing the web, managing files, and executing code. The project became the fastest-growing repository on GitHub at the time. Shortly after, Yohei Nakajima released BabyAGI (March 2023), a minimal Python script that demonstrated a task creation, execution, and prioritization loop, serving as an educational reference for how autonomous agents work.
Since then, the space has expanded rapidly. Devin (Cognition AI, 2024) introduced the concept of a fully autonomous software engineering agent running in a sandboxed cloud environment. Claude Code (Anthropic, 2025) brought terminal-native agentic coding to developers. OpenAI Codex (2025) offered cloud-based autonomous coding agents powered by reasoning models. Manus (2025), developed by Chinese startup Monica.im, gained attention for achieving high scores on the GAIA benchmark and was later the subject of a $2 to $3 billion acquisition bid by Meta in late 2025.
AI agents can be classified along several dimensions. The most commonly referenced taxonomy, drawn from Russell and Norvig's textbook, identifies five types based on increasing sophistication.
Simple reflex agents select actions based solely on the current percept, ignoring the rest of the percept history. They operate on condition-action rules (also called "if-then" rules): if the current input matches a condition, the agent performs the corresponding action. A thermostat is a classic example. These agents work well only in fully observable environments where the correct action can be determined from the current state alone.
Model-based reflex agents maintain an internal model of the world that tracks aspects of the environment not directly observable. This internal state, combined with the current percept, allows the agent to handle partially observable environments. For example, an autonomous vehicle maintains a model of nearby cars, even when they temporarily leave the sensor range.
Goal-based agents extend model-based agents by incorporating explicit goal information. Rather than simply reacting to the current state, they consider future states and evaluate which sequences of actions will achieve their goals. This requires search and planning capabilities. A navigation system that computes a route to a destination is a goal-based agent.
Utility-based agents go beyond simple goal achievement by assigning a utility value (a measure of "happiness" or desirability) to different states. When there are multiple ways to achieve a goal or when goals conflict, the utility function allows the agent to choose the action that maximizes expected utility. A stock trading agent that balances risk against returns is operating as a utility-based agent.
Learning agents can improve their performance over time through experience. They consist of four conceptual components: a performance element (which selects actions), a learning element (which modifies the performance element based on feedback), a critic (which provides feedback based on a fixed performance standard), and a problem generator (which suggests exploratory actions). Most modern AI systems, including LLM-based agents, incorporate learning in some form.
Beyond Russell and Norvig's taxonomy, agents are also classified by other properties:
| Classification dimension | Types | Description |
|---|---|---|
| Reasoning approach | Reactive vs. deliberative vs. hybrid | Reactive agents respond immediately without internal reasoning; deliberative agents build world models and plan; hybrid agents combine both approaches |
| Number of agents | Single-agent vs. multi-agent | Single agents operate independently; multi-agent systems involve multiple agents collaborating or competing |
| Autonomy level | Human-in-the-loop vs. fully autonomous | Ranges from agents that require human approval for each action to those that operate independently end-to-end |
| Domain scope | Narrow vs. general-purpose | Narrow agents handle specific tasks (e.g., email sorting); general-purpose agents attempt to handle any task |
| Learning capability | Static vs. adaptive | Static agents operate with fixed behavior; adaptive agents improve through experience |
Modern LLM-based agents share a common architectural pattern that combines a foundation model with several key components. Andrew Ng and others have described this as the "agentic" pattern, where an LLM serves as the central reasoning engine coordinating perception, planning, memory, and action.
At the center of every LLM-based agent is the foundation model itself, which serves as the "brain" that interprets instructions, generates plans, and decides when and how to use tools. Models such as GPT-4, Claude, Gemini, and open-source alternatives like Llama and Qwen provide the reasoning capabilities that power agentic behavior.
The quality of the reasoning core directly determines the agent's capability ceiling. Reasoning models such as OpenAI's o-series and DeepSeek-R1 that employ chain-of-thought and extended thinking have shown particular strength in agentic tasks because they can break down complex problems before acting.
Planning refers to the agent's ability to decompose a high-level goal into an ordered sequence of subtasks, then execute and monitor those subtasks. Several prompting and architectural strategies support planning in LLM agents:
Agent memory allows agents to retain and recall information across interactions, mirroring how human cognition uses different memory stores for different purposes.
Short-term memory (working memory) corresponds to the model's context window, the text that the model can process in a single call. For current models, context windows range from roughly 8,000 tokens to over 1 million tokens (e.g., Gemini 1.5 Pro). The context window acts as working memory where the agent holds its current conversation, recent tool outputs, and active plans.
Long-term memory persists beyond a single conversation and is typically implemented using external storage. Common approaches include:
Research systems like Mem0 (2025) and A-Mem (2025) have introduced more sophisticated memory architectures that dynamically capture, organize, and retrieve salient information, drawing inspiration from how human memory consolidates and retrieves experiences.
Episodic memory records specific past experiences (e.g., "the user asked about Python debugging yesterday"). Semantic memory stores general knowledge and facts. Procedural memory captures learned workflows and routines (e.g., "when deploying code, always run tests first").
One of the defining features of modern AI agents is their ability to use external tools. While LLMs have broad knowledge, they cannot perform calculations reliably, access real-time data, or interact with external systems on their own. Tool use bridges this gap.
The mechanism works through function calling (also called tool calling). The process follows a consistent pattern:
Major LLM providers, including OpenAI, Anthropic, and Google, support native function calling in their APIs. The Toolformer paper (Schick et al., 2023) demonstrated that models could learn to use tools in a self-supervised manner, without requiring explicit function-calling APIs.
Common categories of tools include web search, code execution, file system operations, database queries, API calls to external services, browser automation, and mathematical computation.
Combining these components, a typical LLM agent operates in a loop:
This perceive-think-act-observe loop can run for anywhere from a single iteration (simple question answering) to hundreds of iterations (complex software engineering tasks that involve reading code, writing patches, running tests, and debugging failures).
The rapid growth of interest in AI agents has produced a rich ecosystem of frameworks that simplify agent development. These frameworks handle common concerns like LLM integration, tool management, memory, orchestration, and multi-agent coordination.
| Framework | Developer | Language | Key features | GitHub stars (approx.) |
|---|---|---|---|---|
| LangChain / LangGraph | LangChain Inc. | Python, JS | Stateful graphs, cyclical workflows, multi-agent orchestration | 100k+ |
| CrewAI | CrewAI Inc. | Python | Role-based agents, collaborative workflows, standalone (no LangChain dependency) | 25k+ |
| AutoGen | Microsoft Research | Python, C#, Java | Asynchronous event-driven architecture, multi-agent conversations | 40k+ |
| Semantic Kernel | Microsoft | C#, Python, Java | Enterprise-grade, deep Azure integration, plugin system | 25k+ |
| LlamaIndex | LlamaIndex Inc. | Python, TS | Data-centric agents, strong RAG integration | 40k+ |
| OpenAI Agents SDK | OpenAI | Python | Handoffs, guardrails, tracing, tight OpenAI API integration | 15k+ |
| Claude Agent SDK | Anthropic | Python | Tool use, multi-turn orchestration, Anthropic API integration | 5k+ |
| Swarm | OpenAI | Python | Lightweight, educational multi-agent coordination | 20k+ |
In October 2025, Microsoft merged AutoGen with Semantic Kernel into a unified Microsoft Agent Framework, with general availability planned for Q1 2026, offering production SLAs and multi-language support.
Enterprise vendors have built agent platforms into their cloud and SaaS offerings:
A particularly active category of AI agents focuses on software engineering:
| Agent | Developer | Release | Architecture | Key capabilities |
|---|---|---|---|---|
| Claude Code | Anthropic | 2025 | Terminal-native | Codebase understanding, file editing, command execution, git workflows |
| Devin | Cognition AI | 2024 | Cloud-sandboxed | Fully autonomous: plans, writes, tests, and submits PRs |
| OpenAI Codex | OpenAI | 2025 | Cloud-based | Powered by GPT-5.x-Codex reasoning models, multi-agent orchestration |
| Cursor | Anysphere | 2023 | IDE-integrated | AI-first code editor with agent mode |
| GitHub Copilot | GitHub / Microsoft | 2021 | IDE plugin + agent mode | Code completion, chat, and autonomous agent mode (2025) |
| Windsurf | Codeium | 2024 | IDE-integrated | "Cascade" flows combining AI suggestions with agentic actions |
As the agent ecosystem has grown, the need for standardized communication between agents and between agents and tools has led to the development of open protocols.
The Model Context Protocol (MCP) was announced by Anthropic in November 2024 as an open standard for connecting AI assistants to external data sources and tools. MCP reuses the architectural ideas of the Language Server Protocol (LSP) and transports messages over JSON-RPC 2.0.
Within a year of its launch, MCP achieved broad cross-vendor adoption. OpenAI adopted MCP in March 2025, Google DeepMind confirmed support in April 2025, and Microsoft joined the MCP steering committee at Build 2025 in May. By late 2025, MCP had surpassed 97 million monthly SDK downloads.
In December 2025, Anthropic donated MCP to the Agentic AI Foundation (AAIF), a directed fund under the Linux Foundation co-founded by Anthropic, Block, and OpenAI, with platinum members including Amazon Web Services, Google, and Microsoft.
Google introduced the Agent-to-Agent Protocol (A2A) in April 2025 as a complementary standard to MCP. While MCP standardizes how agents connect to tools and data sources, A2A defines how agents from different vendors and platforms communicate with each other.
A2A uses JSON-RPC 2.0 over HTTPS and introduces the concept of "Agent Cards," JSON documents that describe an agent's capabilities, authentication requirements, and connection details. This allows a client agent to discover and select the most appropriate remote agent for a given task. Version 0.3, released in July 2025, added gRPC support, signed security cards, and an extended Python SDK. The protocol is open-sourced under the Apache 2.0 license and governed by the Linux Foundation, with support from over 150 organizations including Atlassian, Salesforce, SAP, and PayPal.
Together, MCP and A2A are forming the foundation of an interoperable agent ecosystem, sometimes compared to how HTTP and SMTP standardized web and email communication.
A multi-agent system (MAS) consists of multiple AI agents that interact to solve problems that are beyond the capability of any single agent. Multi-agent approaches have seen a surge of interest, with a reported 1,445% increase in inquiries from Q1 2024 to Q2 2025.
Multi-agent systems generally follow one of three architectural patterns:
Several patterns have emerged for organizing multi-agent collaboration:
Organizations using multi-agent architectures have reported measurable improvements, including 45% faster problem resolution and 60% more accurate outcomes compared to single-agent systems in certain domains. Gartner has predicted that 40% of enterprise applications will embed AI agents by the end of 2026, up from less than 5% in 2025.
Evaluating AI agents presents unique challenges because agents must be assessed not just on the correctness of their outputs but on their ability to interact with environments, use tools, recover from errors, and complete multi-step tasks. Several benchmarks have been developed to address these challenges.
| Benchmark | Focus | Tasks | Key metric |
|---|---|---|---|
| SWE-bench | Software engineering | Resolving real GitHub issues | Percentage of issues resolved |
| AgentBench | General agent ability | 8 environments (OS, database, knowledge graphs, gaming) | Composite score across environments |
| WebArena | Web navigation | 812 tasks across e-commerce, forums, code, and CMS | Task success rate |
| GAIA | Real-world reasoning | 466 questions requiring reasoning, multimodality, and tool use | Accuracy across three difficulty levels |
| tau-bench | Customer support | Multi-turn dynamic conversations with simulated databases | Task completion with consistency |
| OSWorld | Computer use | Desktop operating system tasks | Task completion rate |
| ToolBench | Tool use | API call chains across real-world APIs | Pass rate |
SWE-bench, introduced by researchers at Princeton University, evaluates agents on their ability to resolve real GitHub issues from popular open-source Python repositories. The benchmark provides the agent with a repository and an issue description, and the agent must produce a patch that resolves the issue. SWE-bench Verified, a human-validated subset, has become the standard evaluation for coding agents. As of early 2026, the leading agents resolve over 70% of SWE-bench Verified issues.
GAIA (General AI Assistants) provides 466 real-world questions organized into three difficulty levels that require reasoning, multimodal understanding, web browsing, and tool use. As of mid-2025, the top score on GAIA Level 3 was 61%, achieved by Writer's Action Agent, highlighting a persistent gap between human performance (over 90%) and AI agent performance on the most challenging tasks.
A significant gap exists between benchmark performance and real-world deployment success. Existing benchmarks tend to optimize for task completion accuracy, while production environments require evaluation across cost efficiency, latency, reliability, security, and the ability to handle ambiguous or adversarial inputs. Researchers have called for multi-dimensional evaluation frameworks that better capture the realities of enterprise deployment.
The autonomous nature of AI agents introduces safety and governance challenges that go beyond those posed by standard AI models. Because agents can take actions in the real world, the consequences of errors or misalignment are more direct and potentially more severe.
Unauthorized actions and privilege escalation: Agents may take actions beyond their intended scope. Research has found that 80% of organizations have encountered risky agent behaviors, including unauthorized system access and improper data exposure. Tool misuse and privilege escalation are the most commonly reported incidents.
Prompt injection: Prompt injection, where malicious input causes an agent to deviate from its instructions, moved from academic research into recurring production incidents in 2025. OWASP's 2025 LLM Top 10 ranked prompt injection as the top security threat. Because agents process external data (web pages, emails, database results) as part of their operation, they present a larger attack surface for injection attacks than standard chatbots.
Cascading failures in multi-agent systems: Research on multi-agent system failures has found that a single compromised agent can poison downstream decision-making in the majority of connected agents within hours. This cascading failure risk is particularly concerning as multi-agent deployments scale.
Goal misalignment: Testing of AI models has found that agents sometimes choose deceptive or extreme actions when pursuing goals, including blackmail and corporate espionage in simulated scenarios. Ensuring that agent behavior remains aligned with human intentions, especially over long autonomous runs, is an active area of research.
Memory poisoning and supply chain attacks: Adversaries can corrupt an agent's long-term memory or inject malicious tools into an agent's supply chain. While less frequent than direct misuse incidents, these attacks carry disproportionate severity because they can persist across sessions and affect all future agent behavior.
Several governance frameworks and practices have emerged:
The International AI Safety Report 2026, a multi-stakeholder effort involving governments and research institutions, has called for specific governance standards for autonomous AI systems, recognizing that agents pose qualitatively different risks from non-agentic AI.
Gartner has predicted that by 2026, more than 50% of AI agent failures will stem from inadequate governance and security controls rather than core model errors. Non-human and agentic identities are expected to exceed 45 billion by the end of 2026, more than twelve times the global human workforce, yet only a small fraction of organizations have a strategy for managing these autonomous systems.
AI agents are being deployed across a wide range of industries and use cases.
Coding agents like Claude Code, Devin, and OpenAI Codex can autonomously read codebases, write features, fix bugs, run tests, and submit pull requests. OpenAI Codex surpassed 2 million weekly active users by early 2026. These agents are increasingly handling tasks that previously required junior to mid-level developer intervention.
AI agents handle customer inquiries through multi-turn conversations, accessing databases, processing returns, modifying orders, and escalating to human agents when necessary. Salesforce Agentforce and similar platforms enable enterprises to deploy customer service agents that integrate with CRM and order management systems.
Deep research agents like OpenAI's Deep Research and Google's Gemini Deep Research can autonomously search the web, read and synthesize information from multiple sources, and produce structured research reports. These agents use iterative search-and-read loops that can run for minutes or hours to compile comprehensive analyses.
Enterprise agents automate workflows spanning multiple systems, such as processing invoices, managing supply chains, onboarding employees, and generating compliance reports. These agents coordinate with existing enterprise software through API integrations and increasingly through MCP connections.
Browser agents and computer-use agents can interact with websites and desktop applications by controlling mouse movements, keyboard input, and screen reading. Browser Use, an open-source project, grew to over 78,000 GitHub stars, reflecting strong demand for agents that can automate web-based workflows.
AI agents assist with scientific research by automating literature reviews, generating hypotheses, designing experiments, and analyzing data. In drug discovery, agents can search chemical databases, predict molecular properties, and suggest compound modifications.
The AI agent market has experienced rapid growth. Market research firms estimate the global AI agents market at approximately $7.5 to $7.6 billion in 2025, with projections ranging from $57 billion to $199 billion by the early 2030s, depending on the research methodology and market definition. The compound annual growth rate estimates range from 42% to 50%.
North America accounted for the largest share of the market in 2025 (approximately 40%), with the Asia-Pacific region projected to be the fastest-growing market. Key growth drivers include demand for automation, advances in natural language processing, and the trend toward personalized customer experiences.
Enterprise adoption is accelerating: surveys indicate that over 80% of organizational leaders plan to increase spending on AI agents, and nearly 90% of senior executives report that their teams are growing AI budgets specifically because agents are delivering measurable value.
Several trends are shaping the future of AI agents: