“In an old fable, a king trains his pet monkey in various tasks, from using a sword to swatting flies. One day the king gave his monkey a sword to guard his chamber while he napped. Unfortunately, during his nap, a fly landed on the king’s nose, and the monkey swatted it with the sword.”
One of the most exciting and eagerly anticipated use cases of AI is Agents.
Agents combine the reasoning capabilities of an AI model with a set of tools, which they can access over APIs or even through web/computer usage.
When prompted to do a task by a human, the agent can use its reasoning to break it into smaller subtasks and call upon the tools as needed to complete them.
Equipped with human-like reasoning, this new generation of agents is expected to lead us into a world where all tedious work has been automated and humans only focus on the most creative and fulfilling aspects of life.
These promises aren’t new—we’ve heard them before. In the past, we got clunky automation that took more effort to set up than just doing the task yourself (like when I spent an hour rearranging furniture and wires for my Roomba on its first day). So, what makes these agents different this time?
The best way to understand AI agents is to draw an analogy with self-driving cars. Automation in cars has been around for years, starting with Cruise Control to maintain speed and Lane Assist to keep cars in their lanes.
Features like AutoPilot, which can follow other cars in slow-moving traffic, added more convenience. However, these systems were basic and didn’t involve complex decision-making, much like Robotic Process Automations (RPAs) that handle simple, rule-based tasks.
Modern self-driving cars like Waymo don’t just automate certain parts of driving—they handle the entire process. All you do is set the destination, and they figure out the best route, navigate safely, and adapt to changes around them.
AI agents work the same way. You give them a high-level request, and they plan, use tools, and execute tasks independently. This makes them capable of handling complex jobs that older automation couldn’t.
Not only can agents orchestrate complex tool interactions on their own, they can also interact with tools in a human-like way, through a web or computer GUI, which lets them work with systems that do not expose APIs.
That’s why 2025 will be the year of agents, as shown by the growing number of agent startups.
This increase in autonomous capabilities is not free of risks.
Agents need access to powerful tools such as email, payments or customer data, and may even operate inside a browser or on a user's computer. But agents are relatively new and often make mistakes.
Providing AI agents unchecked access to such tools without compensating controls and supervision can lead to serious harm. The combination of unexplainable AI with powerful tools has many similarities to the monkey with a sword story.
Considering these issues, would anyone, especially an enterprise, feel comfortable giving the AI monkey a sword?
The answer is no.
Lack of trust in agents has the potential to slow down adoption of this technology and is a serious concern for the agent ecosystem.
If we wish to ensure that consumers and enterprises benefit from AI Agents, the security community must step up.
We must create a Common Minimum Standard for agent builders that secures agents by design, so that their ability to cause harm (the blast radius) is reduced.
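As an added illustration of what a compensating control that limits an agent's blast radius can look like (example code written for this post, not code from Realm Labs or from any agent framework; the `AgentPolicy` class, tool names and thresholds are hypothetical), every tool call the agent proposes passes through a gate that enforces a per-agent allowlist, caps payments, holds large ones for a human, and records an audit trail for supervision.

```python
"""Hypothetical tool gate: the agent never calls a tool directly; it proposes a
call, and the gate decides allow / hold for a human / deny and logs the outcome."""
from dataclasses import dataclass, field

ALLOW, HOLD, DENY = "allow", "hold_for_human", "deny"


@dataclass
class AgentPolicy:
    allowed_tools: frozenset        # least privilege: only tools this agent was granted
    approval_over: float            # payments above this amount need a human sign-off
    max_session_spend: float        # hard ceiling per session, even with approvals
    spent: float = 0.0
    audit: list = field(default_factory=list)

    def gate(self, tool: str, args: dict) -> str:
        decision = self._decide(tool, args)
        self.audit.append((tool, dict(args), decision))   # supervision trail
        if decision == ALLOW and tool == "send_payment":
            # Human-approved (HOLD) payments would be recorded by the approval
            # workflow, which is outside this example.
            self.spent += float(args["amount"])
        return decision

    def _decide(self, tool: str, args: dict) -> str:
        if tool not in self.allowed_tools:
            return DENY                      # tool was never granted to this agent
        if tool == "send_payment":
            amount = float(args.get("amount", 0))
            if amount <= 0 or self.spent + amount > self.max_session_spend:
                return DENY                  # bounded blast radius: cannot exceed ceiling
            if amount > self.approval_over:
                return HOLD                  # reversible by a human before execution
        if tool == "read_customer":
            # one record per call; bulk exports are never an allowed action
            if args.get("all") or args.get("customer_id") is None:
                return DENY
        return ALLOW


def demo() -> list:
    """Constructed sequence of calls a mistaken agent might propose."""
    policy = AgentPolicy(frozenset({"read_customer", "send_email", "send_payment"}),
                         approval_over=100.0, max_session_spend=500.0)
    return [
        policy.gate("read_customer", {"customer_id": "c-42"}),    # allow
        policy.gate("read_customer", {"all": True}),              # deny: bulk export
        policy.gate("send_payment", {"amount": 40.0}),            # allow: small, in budget
        policy.gate("send_payment", {"amount": 4000.0}),          # deny: over session ceiling
        policy.gate("send_payment", {"amount": 250.0}),           # hold: needs a human
        policy.gate("delete_customer", {"customer_id": "c-42"}),  # deny: never granted
    ]
```

The audit list gives a supervisor the full record of what the agent tried, including the calls that were refused.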
In the next part of this Agent Security series, we will publish our design principles and release a reference architecture. We will reach out to members of our community and to agent developers for feedback on this architecture, and we plan to work with some of them to get it implemented.
If you want me to cover a particular area of leadership, you can reach out directly to hello@realmlabs.ai.
If you enjoyed this content, please 🔁 share it with colleagues and consider 🔔 subscribing if you haven’t already.