Prompt Master

Mastering the art of conversing with AI

Introduction

AI Agent definition, capability boundaries, and typical use cases

TL;DR

  • An AI Agent is a system with an LLM at its core that can plan, call tools, and maintain state through memory to complete multi-step tasks.
  • When a task requires "research + compute/code + generate a report + iterate" -- that kind of long-chain workflow -- an AI Agent usually beats a single LLM call.
  • The value of an AI Agent isn't just "generating text." It's turning strategy into executable actions.
  • Key risks: hallucination, tool call failures, Prompt Injection, and uncontrollable behavior from missing evaluation/observability.

Core Concepts

In this track, we define an AI Agent as: an LLM-powered system that can execute actions with a degree of autonomy. It typically has:

  • Planning: Break complex tasks into steps, update the plan during execution (retry, rollback, gather more info).
  • Tool access: Call external capabilities (APIs, databases, search, code execution) to turn "ideas" into "actions."
  • Memory: Save intermediate results and key facts so multi-turn, multi-step work doesn't lose context.

The biggest difference from a plain "chatbot": an AI Agent's output isn't just text -- it can include tool calls, structured results, and writes to external systems.
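The three components above can be sketched as a tiny plan-act-remember loop. Everything below (the Agent class, the search_web stub, the keyword-based planner) is an illustrative Python sketch, not a real framework; in a production agent the LLM would produce the plan and the tools would call real external APIs.

```python
def search_web(query: str) -> str:
    """Stub tool: a real agent would call an external search API here."""
    return f"results for: {query}"

class Agent:
    def __init__(self, tools):
        self.tools = tools   # tool access: name -> callable
        self.memory = []     # memory: intermediate results survive across steps

    def plan(self, task: str):
        # Planning: a real agent would ask the LLM to decompose the task;
        # here we hard-code one search step per keyword for illustration.
        return [("search_web", keyword) for keyword in task.split()]

    def run(self, task: str):
        for tool_name, arg in self.plan(task):
            result = self.tools[tool_name](arg)  # an action, not just text
            self.memory.append((tool_name, arg, result))
        return self.memory

agent = Agent({"search_web": search_web})
trace = agent.run("competitors pricing")
```

The point of the sketch is the shape, not the logic: the output of a run is a trace of actions and their results, which is exactly what separates an agent from a text-only chatbot.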

How to Apply

To get a working AI Agent off the ground, follow this minimal loop:

  1. Define task boundaries: What counts as "done"? What actions are allowed/forbidden? (e.g., can it send emails? Can it write to a production database?)
  2. Design tools (interface-first): Build external capabilities as a small number of clear, verifiable tools. Each tool has well-defined inputs and outputs.
  3. Lock down output format: Require structured output (JSON schema, tables) whenever possible. Less free-form text means less uncertainty.
  4. Add guardrails: Use allowlists for high-risk actions. Partition inputs to reduce the blast radius of Prompt Injection.
  5. Add evaluation and observability: At minimum, you should be able to replay every tool call, key decision, failure reason, and retry path.
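Steps 3 and 4 can be sketched together: parse each proposed action as JSON against a fixed set of required fields, then gate it through an allowlist before execution. The field names and allowed actions here are hypothetical, chosen only to illustrate the pattern.

```python
import json

ALLOWED_ACTIONS = {"search", "read_db"}    # step 4: allowlist for actions
REQUIRED_FIELDS = {"action", "arguments"}  # step 3: fixed output schema

def validate_step(raw: str) -> dict:
    """Reject any proposed step that is malformed or not allowlisted."""
    step = json.loads(raw)  # raises ValueError if not valid JSON
    missing = REQUIRED_FIELDS - step.keys()
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if step["action"] not in ALLOWED_ACTIONS:
        raise PermissionError(f"action not allowed: {step['action']}")
    return step

ok = validate_step('{"action": "search", "arguments": {"q": "pricing"}}')
```

Because the check runs on every step, a prompt-injected instruction like "send_email" fails at the allowlist rather than reaching a real system.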

A minimal reusable system prompt framework (sketch):

You are an AI Agent for <goal>.

Rules:
- Use tools when needed; do not fabricate tool results.
- If information is missing, ask clarifying questions first.
- Output must follow the specified schema.
- Do not perform disallowed actions: <deny list>.

Workflow:
1) Plan
2) Execute with tools
3) Verify
4) Summarize
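One way to make the framework above reusable is as a string template whose goal and deny-list slots are filled per deployment. The example values below are illustrative, not prescriptions.

```python
# The framework from above as a Python template; {goal} and {deny_list}
# are filled in per deployment.
SYSTEM_PROMPT = """You are an AI Agent for {goal}.

Rules:
- Use tools when needed; do not fabricate tool results.
- If information is missing, ask clarifying questions first.
- Output must follow the specified schema.
- Do not perform disallowed actions: {deny_list}.

Workflow:
1) Plan
2) Execute with tools
3) Verify
4) Summarize"""

prompt = SYSTEM_PROMPT.format(
    goal="organizing study materials",
    deny_list="sending email, writing to production databases",
)
```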

Self-check Rubric

Use this rubric to check whether an AI Agent is "usable and controllable":

  • Correctness: Can key conclusions be backed by tool results / sources? Any hallucination?
  • Task completion: Did it actually finish all subtasks? Any silent skips?
  • Tool hygiene: Did it use tools when it should have? Did it fabricate tool output?
  • Safety: Are high-risk actions explicitly restricted? Can it resist common Prompt Injection?
  • Observability: Can you replay the plan, every tool call, retries, and failure reasons?
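The observability item can be made concrete with a minimal trace log: record every tool call with its arguments, outcome, failure reason, and which earlier call it retries, so a whole run can be replayed afterwards. The field names are assumptions for this sketch, not a standard.

```python
import time

class TraceLog:
    def __init__(self):
        self.events = []

    def record(self, tool, args, outcome, error=None, retry_of=None):
        """Append one tool-call event; returns its index for retry linking."""
        self.events.append({
            "ts": time.time(),
            "tool": tool,
            "args": args,
            "outcome": outcome,    # "ok" or "failed"
            "error": error,        # failure reason, if any
            "retry_of": retry_of,  # index of the call this one retries
        })
        return len(self.events) - 1

    def replay(self):
        # A replay here is just the ordered event list; a real system
        # would re-execute the calls or diff new runs against it.
        return list(self.events)

log = TraceLog()
first = log.record("search", {"q": "pricing"}, "failed", error="timeout")
log.record("search", {"q": "pricing"}, "ok", retry_of=first)
```

With this in place, "why did the agent do that?" becomes a query over the event list instead of guesswork.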

Practice

Exercise: Design an AI Agent for "learning material organizer" (no code required).

  • Goal: Organize 10 links you provide into a study note and action checklist.
  • Constraints: Must cite sources. When uncertain, say "I don't know" and ask clarifying questions.
  • Output: TL;DR, key concept glossary (terms in English), recommended reading order, daily plan (7 days).

References

Original (English)

Agents are revolutionizing the way we approach complex tasks, leveraging the power of large language models (LLMs) to work on our behalf and achieve remarkable results. In this guide we will dive into the fundamentals of AI agents, exploring their capabilities, design patterns, and potential applications.

What is an Agent?

Agent Components

In this guide, we refer to an agent as an LLM-powered system designed to take actions and solve complex tasks autonomously. Unlike traditional LLMs, AI agents go beyond simple text generation. They are equipped with additional capabilities, including:

  • Planning and reflection: AI agents can analyze a problem, break it down into steps, and adjust their approach based on new information.
  • Tool access: They can interact with external tools and resources, such as databases, APIs, and software applications, to gather information and execute actions.
  • Memory: AI agents can store and retrieve information, allowing them to learn from past experiences and make more informed decisions.

This lecture discusses the concept of AI agents and their significance in the realm of artificial intelligence.

Why build with Agents?

While large language models (LLMs) excel at simple, narrow tasks like translation or email generation, they fall short when dealing with complex, broader tasks that require multiple steps, planning, and reasoning. These complex tasks often necessitate access to external tools and information beyond the LLM's knowledge base.

For example, developing a marketing strategy might involve researching competitors, analyzing market trends, and accessing company-specific data. These actions necessitate real-world information, the latest insights, and internal company data, which a standalone LLM might not have access to.

AI agents bridge this gap by combining the capabilities of LLMs with additional features such as memory, planning, and external tools.

By leveraging these abilities, AI agents can effectively tackle complex tasks like:

  • Developing marketing strategies
  • Planning events
  • Providing customer support

Common Use Cases for AI Agents

Here is a non-exhaustive list of common use cases where agents are being applied in the industry:

  • Recommendation systems: Personalizing suggestions for products, services, or content.
  • Customer support systems: Handling inquiries, resolving issues, and providing assistance.
  • Research: Conducting in-depth investigations across various domains, such as legal, finance, and health.
  • E-commerce applications: Facilitating online shopping experiences, managing orders, and providing personalized recommendations.
  • Booking: Assisting with travel arrangements and event planning.
  • Reporting: Analyzing vast amounts of data and generating comprehensive reports.
  • Financial analysis: Analyzing market trends, assessing financial data, and generating reports with speed and accuracy.

❓ FAQ

Frequently searched questions about this chapter's topic

What's the difference between an AI Agent and an ordinary chatbot?

The definition this chapter gives: an agent is an LLM-powered system that executes actions with a degree of autonomy, built on the trio of planning, tool access, and memory. A chatbot's output is only text; an agent's output can include tool calls, structured results, and even writes to external systems (sending email, modifying a database). The difference isn't whether it can chat, but whether it can act.

Which tasks are worth an agent rather than a single LLM call?

As this chapter puts it: when a task requires the long-chain workflow of "research + compute/code + generate a report + iterate," an agent fits better than a single call. Conversely, translation, email drafts, and single-step classification don't need an agent; a single call is faster and cheaper. The criteria: number of steps, whether external information is needed, and whether the plan must adapt to intermediate results.

What is the minimal loop for shipping a usable agent?

The five steps this chapter gives: 1) define task boundaries (what counts as done? which actions are forbidden?); 2) design tools (few, clear, verifiable); 3) lock down a structured output format (JSON schema or tables); 4) add guardrails (allowlists for high-risk actions plus input partitioning against prompt injection); 5) add evaluation and observability (tool-call replay, key-decision logs, failure reasons). Skip any one of them and production breaks.

What are the most common agent failure modes?

This chapter lists four: hallucination (fabricated facts or tool results), tool call failures (unavailable tools, bad parameters, timeouts), prompt injection (instructions hijacked by external content), and uncontrollable behavior from missing evaluation/observability. The first three are direct faults; the fourth is worse: you don't even know something went wrong, let alone how to fix it.

How do I judge whether my agent is "usable and controllable"?

This chapter gives a five-dimension self-check rubric: Correctness (are conclusions backed by tool results / sources? any hallucination?), Task completion (were all subtasks finished? any silent skips?), Tool hygiene (were tools used when needed? was tool output fabricated?), Safety (are high-risk actions restricted? does it resist prompt injection?), Observability (can the plan, tool calls, and retries be replayed?). If any dimension fails, don't ship it to production.