Agentic AI Delivers Value When Teams Limit Scope, Enforce Controls, and Track Every Action

The loudest voices in AI chase capability, but the teams capturing real value treat agentic AI as a discipline defined by constraint and vigilant oversight. As agents move from isolated tasks into connected systems, the risk shifts from obvious failure to silent error, unchecked access, and flawed reasoning that passes as success. Successful teams limit what agents can do, track every action, and design systems that catch failure before it compounds.

Abby Morgan is an AI Research Engineer and Developer Advocate at Comet, where she focuses on observability and evaluation of agentic AI systems. She brings previous experience from Circana and Springboard, working across real-world machine learning systems and mentoring emerging data and AI talent. That mix of hands-on ML experience and developer-facing work shapes her focus on bringing structure, visibility, and control to how agents operate in production.

"It's an interesting paradox. Agents need very broad access to be useful, but at the same time, every additional permission you grant them is a potential attack surface. If an agent needs to read your calendar, it shouldn't also have write access to your email. One must be as limited as possible with those permissions," Morgan explains. Managing what agents can touch is the key to keeping systems secure.

• Wrong turn: The more subtle failure mode isn’t breakdown, it’s quiet inefficiency and undetected error. "You can have an output that doesn't throw an error, but is actually incorrect. There are many silent failures you can have with an agent. Maybe it used a dozen tool calls where it really only needed one, so your cost will be way higher than it needs to be. Create guardrails within your system, so the agent can proceed to the next step," Morgan adds. As agents expand their reach across systems and data, the impact of those failures increases.

That risk doesn’t just come from how agents behave, but from the systems they rely on evolving underneath them. “There are a lot of issues with MCP servers updating quietly in the background that give agents access to. These servers must be continuously audited,” she says. Unchecked updates can silently expand risk, making constant review a requirement rather than a precaution.

• Hidden flaws: The problem isn’t just what agents produce, it’s how easily flawed outputs get approved. "Folks are approving agent workflows and actions just based on that final output. Because of this, we see a lot more agents that come out having problematic thinking; whether that's racism, making-up data, harmful or toxic language," Morgan adds. Focusing only on the end result hides critical mistakes, allowing flawed reasoning and risky behaviors to pass unnoticed.

• Metric mania: To move past surface-level validation, teams need measurable standards. "Include as many automated tests as you can. For example, unit tests for specific units of action. You can create your own custom metrics that define what success looks like, and then automatically run them against each piece of generated code," says Morgan.

• Trail of truth: "Before you start playing around with outcomes, make sure that there is a visibility system in place, so when things go wrong, you don't have to start guessing or trying to recreate the problem," Morgan says. "If you do not have full visibility into what your agent is doing, you are operating on blind trust. Blind trust is not a security strategy."

Without a complete record of every agent action, organizations can only guess how outcomes were produced. Real value comes from disciplined oversight: strictly defining what agents can do, continuously auditing their operations, and logging every step. "You will encounter failure modes you never thought possible. Keep an open mind to that and also test constantly, or you'll be operating on blind trust," Morgan concludes.