Every CTO we talk to has the same story. They piloted an AI agent in Q3. It demoed beautifully. It made it to a steering committee deck. Then it died — quietly, in the staging environment, sometime around the third or fourth integration meeting. The cited reasons vary: "compliance concerns," "model drift," "integration complexity." The actual reason is almost always architectural. The agent was built for the demo, not for production.

We've shipped agents into FinTech super-apps handling 50,000+ customer interactions a day, into healthcare platforms touching patient records, and into government HR portals where every transaction is auditable. We've also watched dozens of pilots — ours and others' — fail at the deployment line. Below are the five architecture decisions that, in our experience, separate the agents that ship from the ones that don't.

TL;DR — Production agents fail because of (1) wrong retrieval boundary, (2) no escalation path, (3) no eval harness, (4) shared session state, and (5) no observability. Fix those five, and most other issues become tractable.

1. The retrieval boundary is wrong

The single most common failure pattern: developers point a RAG (Retrieval Augmented Generation) pipeline at "all the company data" and expect intelligence to emerge. It does not. What emerges is a slow, hallucinatory agent that confidently cites the wrong document.

Production-grade retrieval requires a tight, intentional boundary. For a knowledge agent over policy documents, that means scoping retrieval to a curated, versioned corpus — not the entire SharePoint. It means tagging documents with effective dates, jurisdictions, and revocation status. It means having a human in the loop to mark "do not retrieve" on documents that are deprecated but not yet deleted.

In our knowledge agent deployment over 5,283 policy documents, the single biggest accuracy lift came not from a better embedding model, but from cleaning up the corpus and introducing a "freshness score" that biases retrieval toward documents updated in the last 18 months. Phase-1 accuracy went from 67% to 85%.

How to design the retrieval boundary

  1. Inventory the source documents. Tag each by domain, jurisdiction, effective date, and authority.
  2. Decide what's in scope per agent. A leave-policy agent should not retrieve from finance handbooks. Separation matters.
  3. Build a freshness-weighted re-ranker on top of your vector search. Recency signals beat semantic similarity in regulated domains.
  4. Require provenance citations on every answer. If your agent can't cite, it can't ship.

2. There is no escalation path

Demos always show the happy path. Production is 80% edge cases. An agent that handles 70% of conversations beautifully and silently fails the other 30% is worse than no agent at all — because the 30% are the conversations that matter most.

Every production agent we've shipped has a triage layer in front of it. Before the LLM ever generates a response, a lightweight classifier (often a fine-tuned smaller model or even a rules engine) routes the conversation: tier-1 self-service, tier-2 LLM-handled, tier-3 human escalation. The LLM only handles tier-2. Everything else routes around it.

The hardest part of agentic AI isn't getting the agent to answer. It's knowing when not to.

For our service agent that replaced 180 live support agents, the triage layer routes roughly 15% of conversations to a human within seconds — typically high-value disputes, vulnerable-customer flags, or anything involving threats of legal action. That 15% is sacred. The CSAT for those escalated conversations sits at 4.8/5; if the agent had tried to handle them itself, it would have wrecked the brand.

3. There is no eval harness — only vibes

Most agent projects ship without an evaluation framework. The team's confidence comes from "it seemed to work in testing" — which is not a metric. Then production traffic hits and behavior drifts and nobody can prove whether it's getting better or worse.

An eval harness for agents has three layers:

  • Golden datasets. A curated set of 200-500 representative inputs with known-good outputs. Run these on every model change. Track regression.
  • LLM-as-judge. A separate (usually larger) model rates the production agent's outputs on dimensions like factuality, helpfulness, and safety. Sample 5-10% of production traffic.
  • Human review. A 1-2% sample reviewed by a domain expert weekly. Boring, expensive, irreplaceable.

Without these, you're flying blind. With them, you can ship aggressively because you can detect regressions within hours instead of weeks.

4. Sessions and memory are shared state landmines

This is the architectural bug that's hardest to spot in a demo and hardest to debug in production. When agents share context across users — through naive caching, shared embeddings, or sloppy session management — you get cross-contamination. User A's PII shows up in User B's response. Conversations bleed. The breach is small, silent, and catastrophic.

Production agents need session isolation by default. Each conversation gets its own context window. Tool calls are scoped to the authenticated user. Caching is keyed by user identity and request signature, not just request signature. RAG retrieval respects row-level access controls in the underlying data store — not just on read, but on indexing.

This is one of the few areas where boring engineering pays massive dividends. If you've been an enterprise software engineer for a decade, you know how to design for tenancy isolation. Apply that discipline to your agent stack and you'll skip an entire class of incidents that the LangChain tutorials don't warn you about.

5. There is no observability layer

An agent in production without observability is a system you cannot operate. You cannot diagnose latency spikes. You cannot trace a hallucination back to the source document. You cannot do FinOps. You cannot prove compliance.

The minimum observability stack for a production agent:

  • Distributed tracing across user request → triage → retrieval → LLM → tool calls → response. We use OpenTelemetry with a custom span model for LLM operations.
  • Per-call cost tracking. Token in, token out, cost per provider, cost per tool. Aggregated by tenant, by feature, by user cohort.
  • Drift detection. Embedding-distance monitoring on inputs and outputs vs. a reference distribution. Trigger alerts on shift.
  • Replay infrastructure. The ability to take any production conversation and replay it deterministically against a new model or prompt. Without this you can't iterate confidently.

The architecture that actually ships

Pull all five together and you get an architecture that looks like this:

User → Triage Classifier → [tier-1: self-serve | tier-2: agent | tier-3: human]
                                       ↓
                           Session Isolator (per-user context)
                                       ↓
                       Scoped Retrieval (boundary + freshness)
                                       ↓
                                 LLM + Tools
                                       ↓
                          Response + Citations + Telemetry
                                       ↓
                  Eval Harness (golden + LLM-judge + human sample)

It is not glamorous. It will not win an Awwwards demo. It is the difference between an agent that you can ship to a regulated FinTech and an agent that lives forever in staging.

What we'd build next time

If we were starting fresh today, we would:

  1. Build the eval harness before the agent. Decide what "good" looks like, in writing, with metrics, before the first prompt is written.
  2. Spec the escalation policy with the customer-success leader, not the engineering lead. The people who own the consequence of bad answers should design the routing.
  3. Pick boring infrastructure. Postgres for state, Redis for cache, OpenTelemetry for tracing. Use the boring tools so the novel parts (the agent itself) get all the engineering attention.
  4. Plan for the second model. The model you ship with will be replaced within 12 months. Architect for the swap.
  5. Make the agent a function, not a feature. Wrap it behind an API. Let other product surfaces consume it. Don't bind it to a single chat UI.
The bigger point — Agentic AI in 2026 is not constrained by model capability. The frontier models are good enough for most use cases. Agentic AI is constrained by operational maturity — eval, observability, escalation, governance. The teams that win are the ones treating agents like the production systems they are, not like demos.

If you're piloting an agent right now and any of these five problems sound familiar, the fix is mostly architectural — not modelistic. We've open-sourced our reference architecture diagrams in our AI services overview, and we'd be happy to walk through your specific situation. Book a 30-minute architecture review with our CTO and AI advisor — no sales loop, just a real conversation.