They've Sold You an AI Agent. How Do You Know It's Doing What You Asked?
'AI agents deployed in your business' is the pitch of the year. Often it is an automation with an AI step on top. Five questions to ask before you sign.
When someone pitches you an AI agent deployed in your business, what they usually mean is an automation with one AI step in the middle, following a fixed instruction. That can be genuinely useful, but it is rarely the self-running system the words suggest. Before you sign, ask five things:
1. What is it really, an automation or a true agent that decides its own actions?
2. Where does your data live, in the UK or abroad, and is any of it training someone else's model?
3. Who holds the controls, and can you run it yourself?
4. What catches it when the AI gets something wrong?
5. What will it cost to run, given that token costs flex month to month?
A supplier who answers all five plainly is one worth trusting.
A slick deck lands on your desk. It promises AI agents, deployed in your business, autonomous, self-learning, working while you sleep. It sounds like the future, and it sounds like something you should probably say yes to before a competitor does. Before you sign anything, it is worth knowing what actually sits behind those words, because in most cases it is simpler, and a good deal more worth questioning, than the deck makes it look.
First, what are you actually being sold?
“AI agent deployed in your business” is the phrase of the year. Read between the lines of most pitches and what is on offer is an automation: a sequence of steps that runs when something triggers it, with one artificial intelligence step sitting in the middle. That step is a large language model, the same kind of technology behind ChatGPT and Claude. And it is doing something quite specific. Information reaches it, a predefined instruction wraps around that information, and the model produces an output that is as consistent as the instruction can make it. Often genuinely useful. Not magic.
There is such a thing as a true agent, and the difference matters. A real agent is not handed one fixed instruction. It is given a goal and a set of tools, and it decides for itself which steps to take, in what order, looping until it judges the job done. That is a real capability. It is also where the risk grows, because you have handed the system the freedom to act on its own. Here is the catch: the word “agent” gets used for both, and what is usually delivered is the simpler version. Where it genuinely is the autonomous version, every question below matters more, not less.
This is not true of every supplier. There are good people doing honest work. But there is a great deal of hype in the market right now, and the words are being thrown around faster than they are being explained.
Where does your data live?
This is the single most important question, and it is the one decks skip. When your information goes into one of these systems, where does it actually go? Is the model running on UK infrastructure, or is your data being sent to servers in the United States? What exactly is being sent, and is any of it being used to train the provider’s future models? These are not technical details to wave away. They decide whether your client records, your financial information, and your private business data stay under your control.
There are concrete controls, and a straight answer should cover them. Send the model only the data it genuinely needs and strip the rest. Use a business tier that contractually does not train on your data and comes with a proper data processing agreement, or self-host an open model so nothing leaves your own infrastructure. And pin where the data physically sits to the UK or Europe. If a pitch cannot tell you which of these apply, that is your answer.
Get it in writing: where your data is processed, and whether it is used to train the provider's models. A supplier who cannot answer that plainly has either not thought it through, or would rather you did not ask.
Who actually holds the controls?
You may be told you own the system, and you might. But owning it and being able to run it are two different things. At the heart of every one of these builds is that predefined instruction, the prompt. If you ever want to manage it yourself, change how it behaves, or fix it when your business shifts, you need to understand that instruction. That means a proper handover and some training. Almost no pitch mentions it. Ask what happens the day you want to take the wheel.
Ask, too, whose accounts the system runs on. If the artificial intelligence is signed up under the supplier’s account rather than yours, you are not in control of it. As the next question shows, that has a direct effect on what it costs.
What happens when it gets it wrong?
Generative AI is generative by its very nature. It will sometimes produce something you did not expect. Not always wrong as such, but not the output you were after. That is not a flaw to hide. It is the nature of the technology, and the honest response is to design for it. There are controls for this: a second model acting as a checker, a judge that reviews the first one’s work and sends it back when it is off. We build these into our own systems as a matter of course. The question for any pitch is simple: what catches it when the AI gets it wrong, and what happens next?
This is also where “self-learning” deserves a hard look. A system that genuinely improves over time does so by capturing feedback and corrections, with a person in the loop deciding what to keep. That is valuable and real, and it is roughly how we run our own business. What it is not is a system that quietly rewrites its own behaviour with nobody watching. If a deck promises self-learning, ask exactly what learns, from what, and who signs off the change.
What will it cost to run?
The running cost is the part that surprises people most. These systems run on tokens. A token is simply the unit the AI consumes as it works, the way a car burns fuel. Every time the system runs, it burns tokens, and tokens cost money. An agent doing real work, firing many times a day, can run up a genuine bill.
Two things make that worse if you are not watching. First, if the AI is on the supplier’s account rather than yours, they may be adding a margin on top of every token you spend. Second, the cost flexes. Because the AI generates fresh output every time, nobody can pin the monthly figure to the penny in advance. A good supplier gives you a sensible estimate once the system is built and running, and is honest that it will move month to month. A deck with a single fixed number and no explanation of how it got there is hiding that flex.
None of this means AI agents are a bad idea. Used well, with the controls in place, they are genuinely valuable, and we build them. It means the pitch should answer these questions before you have to ask them. In a previous life I spent years in internal audit, on the contract and third-party side. When a deal was live, my job was to check whether the supplier was actually doing what the contract said, where the terms were vague, and what they really meant in practice. These five questions are simply the ones I now ask myself when a deck like this crosses my desk.
Before you sign
If you would like an independent set of assurance eyes over something you are weighing up, get in touch. I will tell you plainly what you are actually buying and where the risks sit, before you commit, not after.
- “AI agent deployed in your business” usually means an automation with an AI step on top, not a machine that runs itself.
- A true agent is given a goal and the freedom to act, and that freedom is where the risk grows.
- The biggest question is where your data lives and whether it is training someone else’s model.
- Generative AI will sometimes get it wrong; ask what catches it when it does.
- Running costs flex month to month, so a single fixed number with no workings is a red flag.
Drafted by Otto, the Perkins SmartOps AI assistant. Reviewed, edited and published by David Perkins, the human.
Been handed a pitch like this?
Before you sign, get a straight, independent read of what you're actually buying.
Get in touch