Your AI agent passed the demo. Then it entered a live workflow and started failing.
The instinct is to blame the model — pick a smarter one, write a better prompt. That instinct is usually wrong. In real operations, the model is rarely the bottleneck. The workflow is.
A live workflow is not a single answer. It is a chain of approvals, exceptions, source lookups, and handoffs between systems and people. A capable agent dropped into that chain without operational controls will fail at the seams — approving what should have been escalated, acting on a stale document, or handing a half-finished task to the next step with no trace of what it did. The model was fine. The operation around it was undefined.
For an operations leader, that reframes the AI question entirely. The job is not to find the best model. It is to decide where the agent can act alone, where a human must review, which source it is allowed to trust, and what it must hand off. Those are operational design decisions, and they determine whether AI survives contact with your real workload.
Key Takeaways
- Good models fail in live workflows because operations depend on approvals, exceptions, source quality, and handoffs — not on model intelligence alone.
- Every production AI workflow has four control points. If any one is undefined, that is where the agent breaks.
- The most expensive failures are silent: the agent acts confidently on bad context and no one notices until a customer or auditor does.
- You can map the control points of one workflow in 20 minutes and find the gap before it becomes an incident.
What this post covers
After reading this, you will be able to take one AI workflow you operate and mark exactly where a human must review, where the agent can act alone, and where it is silently exposed.
- Why model quality stops predicting success once an agent enters a live workflow
- The four operational control points every AI workflow has: approvals, exceptions, source quality, handoffs
- A claims-handling example walked through each control point
- The silent failure modes that do the most damage
- A 20-minute worksheet to map the control points of one workflow
This builds on Context Engineering Is Your AI Strategy: A CEO Playbook, which framed what the AI is allowed to access and trust. Here we move from what the AI knows to how it behaves inside a running operation. For the underlying distinction, see AI Agents vs Workflows.
Model quality stops predicting success the moment an agent enters a live workflow
In a demo, the agent answers one well-formed question with clean context. That is a reasoning test, and modern models pass it.
A live workflow is a different test. It is sequential, it is messy, and it has consequences. The agent must decide whether it is even allowed to act, handle the cases that do not fit the happy path, retrieve from sources that may be out of date, and pass results to a downstream system or person without losing what it did and why.
None of that is a reasoning problem. It is an operations problem. A staff-engineer-grade model with no operational controls will still approve a refund it should have escalated, because nothing told it that refunds over a threshold need a human. The intelligence was never the gap.
The implication for operations leaders: stop evaluating AI by model benchmarks and start evaluating it by workflow controls. The question is not "is this model smart enough?" It is "have we defined where this agent must stop?"
Every AI workflow has four control points — and the undefined one is where it breaks
Across support, finance, operations, and customer success, production AI workflows fail at the same four seams. Make each one explicit and the workflow holds. Leave one implicit and that is precisely where the agent breaks.
Approvals — where must a human say yes before the agent acts? Some actions are reversible and low-stakes; the agent can take them alone. Others — issuing a credit, sending an external commitment, closing a ticket as resolved — cross a threshold where a human must approve. The approval boundary is a business decision about risk, not a model capability.
Exceptions — what happens when the case does not fit the happy path? Most workflow value is in the long tail: the unusual claim, the conflicting record, the request the agent has low confidence about. A workflow that only defines the happy path delegates the hard cases to an agent that has no instruction to escalate them.
Source quality — is the agent acting on current, authoritative context? An agent is only as reliable as the documents it retrieves. If ingestion lags, it answers from a superseded policy. If two sources conflict, it has no way to know which one governs unless you defined a trust order. Source quality is the difference between a confident answer and a confident wrong one. (This is the same failure the truth and memory layers exist to prevent.)
Handoffs — what does the agent pass to the next step, and can that step trace it? A workflow is a relay. When the agent hands a result to another system or person, the receiver needs the output and the evidence: what was decided, from which source, under which version. A handoff without a trace turns the agent into a black box the next step cannot verify.
If a control point is unlabeled, the agent is making that decision for you by default.
A claims workflow shows how each control point decides the outcome
Picture a mid-market insurer using an AI agent to triage incoming claims. The model is strong. Walk it through the four control points and you can predict exactly where it succeeds and where it fails.
Approvals. Auto-approving claims under a small amount with clean documentation is safe and fast — let the agent act. Approving a high-value or disputed claim is not; that must route to a human adjuster. Define the threshold and the agent is an accelerator. Leave it undefined and the agent eventually approves something it should not have.
Exceptions. A claim arrives with a missing document or a policy edge case. A well-designed workflow tells the agent: low confidence or missing required field means escalate, do not guess. Without that rule, the agent fills the gap with its best guess — and a confident guess on a claim is a liability.
Source quality. The agent checks coverage against the policy. If ingestion is current and the trust order is explicit, it reads the executed policy version. If not, it may cite a lapsed or draft policy and triage the claim against terms that no longer apply.
Handoffs. When the agent escalates to a human adjuster, it should pass the claim, the documents it read, the policy version it used, and its reasoning. With that trace, the adjuster resolves in minutes. Without it, the adjuster restarts the investigation — and the AI added latency instead of removing it.
Same model in all four cases. The outcome was decided by whether the control point was defined.
The most expensive failures are silent
Operations leaders are trained to watch for errors that announce themselves. AI's dangerous failures do the opposite.
Confident action on stale context. The agent retrieves an outdated document and acts on it with full confidence. There is no error message — just a wrong decision that looks right until it reaches someone who knows better.
Silent scope creep. New document types or actions get added to the workflow without revisiting the approval and access rules. The agent gradually starts acting on context, and taking actions, no one explicitly authorized.
Untraceable decisions. Weeks later, a customer or auditor asks why the AI did what it did. If the workflow never required the agent to record which source and version it used, the team cannot answer. The cost is not one bad decision; it is the inability to prove or correct it.
These failures share a root cause: an undefined control point combined with no audit trail. The fix is not a smarter model. It is defining the controls and making the agent's decisions traceable.
Map the control points of one workflow in 20 minutes
You do not need engineering for this. You need one workflow and a sheet of paper.
Step 1: Name one AI workflow you run or plan to — claims triage, support resolution, invoice processing, sales research.
Step 2: List its steps in order, from trigger to final handoff.
Step 3: Label each control point using the table below. The gaps — steps with no approval rule, no exception path, an unverified source, or a handoff with no trace — are your operational risk.
| Control point |
Question to answer |
If undefined, the agent... |
| Approvals |
Where must a human approve before the agent acts? |
acts beyond its authorized risk threshold |
| Exceptions |
What triggers an escalation instead of a guess? |
guesses confidently on the hard cases |
| Source quality |
Which sources, in what trust order, may it use? |
answers from stale or conflicting context |
| Handoffs |
What evidence travels with each handoff? |
becomes a black box the next step cannot verify |
Write the gaps down. Each one is a place the agent is currently deciding for you, without anyone having decided it should.
How Inherent makes the control points enforceable
Defining the control points is the operations decision. Enforcing them depends on the context layer underneath the agent, and that is what Inherent provides. Managed ingestion keeps the source-quality control honest by keeping the truth layer current with provenance on every chunk. Deterministic retrieval enforces the trust order so the same workflow does not act on a different document on two runs. Retrieval receipts make handoffs and approvals auditable, so every escalation carries the evidence the next reviewer needs and every decision can be traced back to its source, version, and permission scope.
The model reasons. The context layer is what lets your operation trust the reasoning. For the architecture that makes this reproducible, see Managed Ingestion: A RAG Field Guide.
Pick one workflow and mark where it needs a human today
The next time an AI agent fails in production, do not start by swapping the model. Start by asking which of the four control points was undefined.
Take your highest-stakes AI workflow and do the 20-minute map: mark where a human must approve, what triggers an exception, which sources it may trust, and what evidence each handoff carries. The first gap you find is the failure waiting to happen.
When you find it — a step with no approval rule, a handoff with no trace — DM Flow on X @human_in_loop with what the workflow was and where it broke. That gap is far cheaper to understand now than after a customer or auditor finds it for you.
