When is an AI agent not really an agent?

If you were around for the first big wave of cloud adoption, you’ll remember how quickly the term cloud was pasted on everything. Anything with an IP address and a data center suddenly became a cloud. Vendors rebranded hosted services, managed infrastructure, and even traditional outsourcing as cloud computing. Many enterprises convinced themselves they had modernized simply because the language on the slides had changed. Years later, they discovered the truth: They hadn’t transformed their architecture; they had just renamed their technical debt.

That era of “cloudwashing” had real consequences. Organizations spent billions on what they believed were cloud-native transformations, only to end up with rigid architectures, high operational overhead, and little of the promised agility. The cost was not just financial; it was strategic. Enterprises that misread the moment lost time they could never recover.

We are now repeating the pattern with agentic AI, this time faster.

What ‘agentic’ is supposed to mean

If you believe today’s marketing, everything is an “AI agent.” A basic workflow worker? An agent. A single large language model (LLM) behind a thin UI wrapper? An agent. A smarter chatbot with a few tools integrated? Definitely an agent. The issue isn’t that these systems are useless. Many are valuable. The problem is that calling almost anything an agent blurs an important architectural and risk distinction.

In a technical sense, an AI agent should exhibit four basic characteristics:

Be able to pursue a goal with a degree of autonomy, not merely follow a rigid, prescripted flow

Be capable of multistep behavior, meaning it plans a sequence of actions, executes them, and adjusts along the way

Adapt to feedback and changing conditions rather than failing outright on the first unexpected input

Be able to act, not just chat, by invoking tools, calling APIs, and interacting with systems in ways that change state

If you have a system that simply routes user prompts to an LLM and then passes the output to a fixed workflow or a handful of hardcoded APIs, it could be useful automation. However, calling it an agentic AI platform misrepresents both its capabilities and its risks. From an architecture and governance perspective, that distinction matters a lot.

When hype becomes misrepresentation

Not every vendor using the word agent is acting in bad faith. Many are simply caught in the hype cycle. Marketing language is always aspirational to some degree, but there’s a point where optimism crosses into misrepresentation. If a vendor knows its system is mainly a deterministic workflow plus LLM calls but markets it as an autonomous, goal-seeking agent, buyers are misled not just about branding but also about the system’s actual behavior and risk.

That type of misrepresentation creates very real consequences. Executives may assume they are buying capabilities that can operate with minimal human oversight when, in reality, they are procuring brittle systems that will require substantial supervision and rework. Boards may approve investments on the belief that they are leaping ahead in AI maturity, when they are really just building another layer of technical and operational debt. Risk, compliance, and security teams may under-specify controls because they misunderstand what the system can and cannot do.

Whether or not this crosses the legal threshold for fraud, treat it as a fraud-level governance problem. The risk to the enterprise is similar: misallocated capital, misaligned strategy, and unanticipated exposure.

Signs of ‘agentwashing’

In practice, agentwashing tends to follow a few recognizable patterns. Be wary when you realize that a vendor cannot explain, in clear technical language, how their agents decide what to do next. They talk vaguely about “reasoning” and “autonomy,” but when pressed, everything trickles down to prompt templates and orchestration scripts.

Take note if an architecture often relies on a single LLM call with minimal glue code wrapped around it, especially if the slides imply a dynamic society of cooperating agents planning, delegating, and adapting in real time. If you strip away the branding, does it resemble traditional workflow automation combined with stochastic text generation?

Listen carefully for promises of “fully autonomous” processes that still require humans to monitor, approve, and correct most critical steps. There is nothing wrong with keeping humans in the loop—it’s essential in most enterprises. However, misleading language can suggest a false sense of autonomy.

These gaps between story and reality are not cosmetic. They directly affect how you design controls, structure teams, and measure success or failure.

Be laser-focused on specifics

At the time, we did not challenge cloudwashing aggressively enough. Too many boards and leadership teams accepted labels in place of architecture. Today, agentic AI will have an even greater impact on core business processes, regulatory scrutiny, and complex security and safety implications. It also carries significantly higher long-term costs if the architecture is wrong.

This time around, enterprises need to be much more disciplined.

First, name the behavior. Call it agentwashing when a product labeled as agentic is merely orchestration, an LLM, and some scripts. The language you use internally will shape how seriously people treat the issue.

Second, demand evidence instead of demos. Polished demos are easy to fake, but architecture diagrams, evaluation methods, failure modes, and documented limitations are harder to counterfeit. If a vendor can’t clearly explain how their agents reason, plan, act, and recover, that should raise suspicion.

Third, tie vendor claims directly to measurable outcomes and capabilities. That means contracts and success criteria should be framed around quantifiable improvements in specific workflows, explicit autonomy levels, error rates, and governance boundaries, rather than vague goals like “autonomous AI.”

Finally, reward vendors that are precise and honest about the technology’s actual state. Some of the most credible solutions in the market today are intentionally not fully agentic. They might be supervised automation with narrow use cases and clear guardrails. That is perfectly acceptable and, in many cases, preferable, as long as everyone is clear about what is being deployed.

Agentwashing is a red flag

Whether regulators eventually decide that certain forms of agentwashing meet the legal definition of fraud remains an open question. Enterprises do not need to wait for that answer.

From a governance, risk, or architectural perspective, treat agentwashing as a serious red flag. Scrutinize it with the same rigor you would apply to financial representations. Challenge it early, before it becomes embedded in your strategic road map. Refuse to fund it without technical proof and clear alignment with business outcomes.

The most important financial lessons we learned in the cloud era usually related to cloudwashing during its initial implementation. We’re on a similar trajectory with agentic AI, but the potential blast radius is larger. As with cloud conversions, the enterprises that have the most success with agentic AI will insist, from the start, on technical and ethical honesty from vendors and internal staff.

This time around, it’s even more important to know what you’re buying.