Matt Coppinger
← Writing

The Rise of AI Agents: From Chatbots to Autonomous Employees

AIAgentsEnterpriseAutomation

Eighteen months ago, AI meant chatbots. You typed a question, got an answer. Useful. But passive - the AI sat there waiting for you to drive every interaction.

That era is over. We're in the age of AI agents now - systems that don't just respond to prompts but take actions, use tools, make decisions, and operate with real autonomy. The shift from "AI as a tool" to "AI as a colleague" is happening faster than most organisations realise. I've been testing various autonomous agents, building products with Claude Code, and watching this space move at a pace that frankly catches me off guard weekly. Here's what I've learned.

Where Agents Came From

The evolution follows a clear trajectory:

Stage 1: Chat completions. GPT-3, early ChatGPT. You ask, it answers. No memory between conversations, no ability to take actions. Sophisticated autocomplete.

Stage 2: Tool use. Models gained the ability to call functions - search the web, run code, query databases. The AI could now do things, not just say things. This was the first real step toward agency.

Stage 3: Reasoning and planning. Models like Claude and GPT developed the ability to break complex tasks into steps, reason about which tools to use, and self-correct when things went sideways. The AI could now think through a problem.

Stage 4: Persistent agents. Systems that run continuously, maintain memory across sessions, monitor for events, and take proactive action without being prompted. This is where we are right now. And it's wild.

How Agents Work

At their core, agents follow a loop: observe, think, act, observe the result, think again. The architecture looks like this:

  • A foundation model - the "brain" that reasons about what to do next (Claude, GPT, Gemini, whatever)
  • Tool access - APIs, file read/write, code execution, web browsing, messaging
  • Memory - persistent context across sessions, so the agent actually knows what happened yesterday
  • Orchestration - a framework managing the observe-think-act loop, handling errors, enforcing boundaries
  • Guardrails - rules about what the agent can and can't do, which actions need human sign-off, and how to handle uncertainty

Here's the thing most people miss: the model itself is just one component. The real complexity - and the real value - lives in the orchestration layer. That's what gives the model tools, memory, and boundaries. Get that wrong, and you've got a very expensive liability.

The Agent Landscape

The ecosystem is moving fast. Here are the approaches I find most interesting:

OpenClaw is an open-source agent framework that turns any foundation model into a persistent, autonomous assistant. I run it daily. It's model-agnostic - Claude, GPT, Gemini, local models, any OpenAI-compatible API - and this matters more than you'd think. The agent becomes the arbiter of which model to use for which task: a lightweight model for routine checks, a reasoning model for complex coding, a fast model for quick replies. It connects to messaging platforms, manages files, browses the web, and operates on scheduled heartbeats. But I'll be direct: frameworks like OpenClaw require serious security awareness. They run with broad access to your local machine, and without careful configuration, the attack surface is real.

Claude Code (Anthropic) is a CLI-based coding agent. Give it a task, point it at a codebase, and it reads files, writes code, runs tests, and iterates until the job is done. Direct filesystem access, running in your terminal. A developer that works at machine speed. I use it to build my own products and it has genuinely changed how I work.

OpenAI Codex takes a similar approach but runs in a sandboxed cloud environment. You assign tasks, it spins up an isolated container, writes and tests code, delivers the result. A remote contractor working in its own clean room - you get the output without giving it access to your local environment.

Claude CoWork is Anthropic's vision of enterprise agent deployment. Multiple Claude agents working in parallel on complex projects, coordinated through a shared workspace. Designed for organisations that need agents handling research, analysis, and content creation at scale - not just individual coding tasks.

Other notable agents include AutoGPT (one of the early autonomous agent experiments - ambitious but rough), LangChain-based agents (popular with developers), and Microsoft's Copilot Studio (enterprise agent building for the Microsoft ecosystem).

Lessons from the Trenches

The first rule of working with agents: start with a safe use case. Before you worry about architecture or model selection, identify a task where failure is cheap. Internal documentation, code formatting, data summarisation, research gathering - these are agent-friendly because a mistake is fixable, not catastrophic. Don't start by pointing an agent at your production database. (Ask me how I know.)

I've been running autonomous agents extensively through OpenClaw. Here's what that actually looks like:

Agents will confidently do the wrong thing. This is the big one. An agent with broad permissions and insufficient guardrails will take actions that seem logical from its perspective but are completely wrong in context. I've had agents send messages to the wrong people, make incorrect assumptions about file structures, and cheerfully break things while trying to help. Confidence is not competence. I learned this the hard way.

Rate limits and API costs add up fast. An autonomous agent making decisions, calling tools, and iterating on results can burn through API credits at an alarming rate - especially when it hits an error and starts retrying aggressively. Set hard spending limits before you give an agent autonomy. Seriously. Do this first.

Memory management is critical. Agents without well-structured memory make the same mistakes repeatedly, forget context from yesterday, or hallucinate details from conversations that never happened. Good memory architecture - what to remember, what to forget, how to organise it - is as important as the model itself. Maybe more so.

The "just ask" principle saves disasters. The single most valuable guardrail is teaching agents to ask for confirmation before taking irreversible actions. Sending emails, deleting files, making purchases, posting publicly - these should always require human approval until trust is established. Always.

Start narrow, expand gradually. Give an agent access to one tool, one workflow, one domain. Let it prove competence there before expanding its reach. The temptation is to give it everything and see what happens. Resist.

Getting Started with Agents

You don't need to build an agent framework from scratch - the tooling has matured to where you can be running in minutes. The question is which approach fits your use case.

The easiest way to experience what agents can do is to pick one and use it on a real task. My recommendation: start with Claude Code - but don't just prompt it. That's already old school. The real power is in sub-agent orchestration.

Sub-Agents in Claude Code: A Quick Start Guide

Claude Code has a built-in sub-agent system. The main agent acts as an orchestrator, automatically delegating tasks to specialised sub-agents - each running in its own context with a custom system prompt, specific tool access, and independent permissions.

Out of the box, you get built-in sub-agents:

  • Explore - a fast, read-only agent (runs on Haiku for speed) that searches and analyses codebases without making changes
  • Plan - gathers context before presenting an implementation plan
  • General-purpose - handles complex, multi-step tasks requiring both exploration and action

But the real power is in creating your own. Here's how:

Step 1: Create a sub-agent file. Sub-agents are markdown files with YAML frontmatter, stored in .claude/agents/ for project-level agents or ~/.claude/agents/ for agents available across all your projects.

Here's a code review sub-agent:

---
name: code-reviewer
description: Reviews code for quality, security, and best practices. Use after any code changes.
tools: Read, Glob, Grep
model: sonnet
---

You are a senior code reviewer. When invoked, analyse the code changes and provide specific, actionable feedback.

Focus on:
- Security vulnerabilities (XSS, injection, data exposure)
- Performance anti-patterns
- Consistency with project conventions
- Edge cases and error handling

Output a summary with severity ratings for each finding.

Step 2: Create more specialists. A testing agent, a documentation agent, a migration agent - whatever your project needs:

---
name: test-writer
description: Writes and runs tests for code changes. Use after implementation work.
tools: Read, Write, Edit, Bash, Glob, Grep
model: sonnet
---

You are a testing specialist. Write comprehensive tests for any code changes.

- Use the project's existing test framework and patterns
- Test edge cases and error states, not just happy paths
- Run the full test suite and fix any regressions
- Never mock what you can test directly

Step 3: Let the orchestrator work. When you give Claude Code a complex task - "Add a user settings page with email preferences, input validation, and full test coverage" - it reads your sub-agent descriptions and automatically delegates. Implementation goes to the main agent, testing gets handed to your test-writer, and the code-reviewer checks the final output. Each sub-agent runs in its own context window, so the test writer doesn't need to know about your design system, and the reviewer looks at the finished product with fresh eyes.

I've used this on real projects and the difference is night and day versus a single monolithic agent trying to do everything.

Key details:

  • Sub-agents can be scoped to a project (.claude/agents/), to your user (~/.claude/agents/), or passed as JSON via the --agents CLI flag for one-off sessions
  • You control which tools each sub-agent can access - a reviewer might only get read-only tools, while an implementer gets full write access
  • Route cheaper tasks to faster models (Haiku for exploration, Sonnet for the hard stuff) to control costs
  • Project-level sub-agents can be checked into version control so your whole team benefits
  • The CLAUDE.md file in your project root acts as the main instruction file for Claude Code - use it to define project conventions, and it informs how all sub-agents behave

Agent Instructions Across the Industry

Claude Code uses CLAUDE.md and .claude/agents/ for its agent system, but there's a broader ecosystem of markdown-based agent instruction files emerging:

  • AGENTS.md - a cross-platform convention read by OpenAI Codex, Gemini CLI, and others. Codex also supports an Agents SDK for defining multi-agent workflows programmatically, with specialised agents handing off to each other
  • CLAUDE.md - Claude Code's project instruction file, combined with .claude/agents/ for sub-agent definitions
  • .cursorrules / .windsurfrules / .clinerules - tool-specific instruction files for Cursor, Windsurf, and Cline
  • .github/copilot-instructions.md - GitHub Copilot's custom instructions
  • Google Gemini CLI - supports sub-agents as an experimental feature, with dedicated agents for codebase analysis, documentation, and domain-specific reasoning

The pattern is the same everywhere: a markdown file that tells the agent how to work in this specific project. What conventions to follow. What frameworks are in use. What to prefer. What to avoid. A job description that lives alongside the code.

This is a fundamental shift. Your repo doesn't just contain code anymore. It contains the instructions for the AI agents that will work on that code. The quality of your agent definitions directly impacts the quality of agent output - which means writing good agent instructions is becoming a core engineering skill. I'd argue it already is.

Designing Agent Architectures

This is the shift. You're not writing prompts anymore. You're designing agent architectures - defining roles, responsibilities, and boundaries, then letting the system figure out execution. You review the output, but the work is distributed across purpose-built agents that are better at their narrow task than any single generalist could be.

For enterprise and team use, Claude CoWork and Microsoft Copilot Studio offer managed environments where multiple agents work in parallel with proper access controls and audit trails. These are for organisations that need governance around their agent deployments.

For experimentation, Anthropic's API and OpenAI's Assistants API let you wire up custom agents with tool use, memory, and instructions in a few dozen lines of code. Frameworks like LangChain and CrewAI add orchestration on top for multi-agent workflows.

The barrier to entry is low. The real challenge isn't getting an agent running - it's defining clear boundaries for what it should and shouldn't do, and building the trust to expand those boundaries over time.

The Future: Autonomous AI Employees

Here's where this is heading. And it's not years away. It's months.

Within the next twelve months, organisations will employ AI agents as autonomous digital employees. Not chatbots. Not copilots. Employees - with defined roles, responsibilities, working hours, and performance metrics. I'm convinced of this.

These AI employees will:

  • Have their own workstations - isolated, managed virtual desktops (think Omnissa Horizon VDI) where the agent operates in a controlled digital workspace. I've spent years working with VDI environments, and the infrastructure for this already exists. Same concept as a human employee connecting remotely
  • Be managed by human supervisors - a human manager reviews the agent's work, approves critical decisions, adjusts priorities. Like managing a junior team member (one that never sleeps and doesn't need coffee)
  • Operate under strict permissions - role-based access control determines what systems, data, and tools each agent can access. No different from onboarding a new hire
  • Run in sandboxed environments - every agent operates in an isolated workspace where actions can be monitored, audited, and rolled back
  • Follow compliance frameworks - audit trails, data classification, access logs. All the governance that applies to human employees applies to AI employees

There are still gaps. Granular control mechanisms for agent permissions are immature. Deployment and orchestration tooling is fragmented. Monitoring and observability for agent behaviour is still being figured out. But the core technology is close enough that early adopters are already operating this way.

The critical unsolved problem is quality assurance. How do you ensure an agent produces correct, reliable results every time - without hallucinations, without subtle errors, without confidently wrong outputs? This is the hard problem. I deal with it daily running my own agents. The organisations that crack it - that find the right combination of process, architecture, and oversight to guarantee consistent agent output quality - will have extraordinarily effective additional "employees" at a fraction of the cost.

And every organisation needs this. Every org is resource-constrained. Headcount is expensive, hiring is slow, and there's always more work than people to do it. Adding AI employees that handle research, analysis, content creation, and routine operations will be transformative. Not in a hand-wavy futurist sense. In a "this changes your P&L next quarter" sense.

The Agent Coding Revolution

Perhaps the most immediate disruption is in software development. Agents that can code are already here - and they're remarkably capable. Claude Code, Codex, and similar tools can build features, fix bugs, write tests, and refactor codebases with minimal human intervention. I build my own products this way now. It works.

The implication is profound: people are going to be able to build software without traditional software engineering teams. A product manager with a clear vision and an AI coding agent can prototype, iterate, and ship at a pace that would have required a full dev team twelve months ago. I know because I'm doing it.

This doesn't eliminate software engineers - it changes what they do. Engineers become curators and architects: designing systems, reviewing agent-generated code, managing the agent infrastructure, ensuring quality and security. The craft shifts from writing every line to orchestrating the agents that write them. The best engineers will be the ones who can direct AI effectively - who understand both the architecture and the agent's limitations.

For businesses, this is an unprecedented opportunity and a genuine strategic challenge. The velocity agents unlock for building things is extraordinary. But that velocity is dangerous without discipline. Businesses need to pivot now to understanding how they can responsibly harness this speed - establishing review processes, quality gates, and architectural guardrails that let them move fast without breaking things.

The Human Layer

The most important part of this future isn't the technology. It's the human oversight.

AI agents will make mistakes. They'll misinterpret instructions, take suboptimal paths, and occasionally do something genuinely wrong. The role of human employees shifts from doing the work to supervising the agents that do the work - reviewing output, providing feedback, handling edge cases, and making the judgement calls that require context the agent doesn't have.

This isn't about replacing humans. It's about changing what humans do. Less routine execution, more strategic oversight. Less typing, more thinking.

The organisations that get this balance right - giving agents enough autonomy to be useful while maintaining enough human oversight to be safe - will have an enormous competitive advantage. The ones that don't will either move too slowly (afraid of agents) or too recklessly (trusting agents too much). Both lose.

The infrastructure already exists. UEM platforms manage device compliance. VDI solutions provide isolated workspaces. Identity providers handle access control. DLP tools prevent data leakage. If you can securely manage a remote human employee's virtual desktop, you can manage an AI employee's virtual desktop. Having worked in the digital workspace and endpoint management space for over two decades, I can tell you: the security model is the same. The tooling is ready. What's missing is organisational readiness.

The trajectory is clear and the building blocks are in place. The question isn't whether AI agents will become autonomous employees. It's whether your organisation is ready to manage them when they do.