Successful Agentic AI: Model Logic, Data Considerations and Manpower
Abstract
This Confluent blog post by Adi Polak argues that enterprises deploying agentic AI must be prepared to address three fundamental challenges before benefits are realized: (1) model logic reliability — agentic systems introduce non-determinism that requires sustained fine-tuning and feedback analogous to what reduced the unpredictability of early generative AI; (2) data quality and privacy — agents require fresh, accurate, cross-platform data while creating heightened prompt injection and PII exposure risks due to their high autonomy and multi-system access; and (3) manpower and infrastructure investment — GPUs, new data infrastructure (caching, memory management), inference model development, and specialized talent all require significant upfront investment before ROI is realized. A data streaming platform (Apache Kafka + Apache Flink) is proposed as the mechanism for grounding agents in reliable, real-time data. Three deployment categories (consumer, employee, customer-facing) are defined, each with distinct security implications.
Key Concepts
- Planner + Critical Thinker Architecture: In multi-agent agentic systems, one agent acts as planner (orchestrating actions of other agents) while a second provides a critical thinker function — reviewing planner output and offering feedback to improve it. The critical thinker model requires hundreds to thousands of training iterations (plans + results + feedback loops) before it develops reliable judgment.
- Non-Determinism in Agentic AI: Unlike traditional software (deterministic, step-by-step instructions), agents receive an outcome goal and determine their own path. This introduces output randomness that must be reduced through the same methods that improved generative AI consistency: fine-tuning, human feedback loops, and sustained model refinement.
- Three Agentic AI Deployment Categories:
  - Consumer agentic AI — internal UI with external AI model; zero control over the AI itself, only over data and prompts sent to it
  - Employee agentic AI — built internally for internal use; lower external risk but risk of exposing internal private data to unauthorized employees
  - Customer-facing agentic AI — built by a business to serve customers; requires system-level segmentation to prevent private customer data exposure
- Data Quality and Grounding: Agentic AI systems fail when disconnected from accurate, current data across disparate platforms. A data streaming platform (Apache Kafka for ingestion from disparate sources, Apache Flink for inter-model communication) provides the infrastructure to supply agents with reliable, fresh data — overcoming hallucinations driven by stale or incomplete context.
- Security Challenges:
  - Prompt injection: Attempts to manipulate agents into leaking proprietary information — heightened risk because agents operate with high autonomy across many systems
  - PII exposure: Every input to an LLM becomes embedded in the model; agentic systems with multi-system access amplify this risk
  - Mitigation: Containerize data to limit exposure to the internal domain where it is needed; anonymize user data and strip PII before sending to the model
- Infrastructure Requirements: Successful agentic AI deployment requires new hardware (GPUs), new data infrastructure (caching and short/long-term memory management), in-house inference models, and specialized talent (new hires or upskilling) — all significant upfront costs before ROI is realized.
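
The mitigation listed under Security Challenges (keep data inside the domain that needs it, strip PII before it reaches the model) can be sketched as a gate that runs before any prompt is built. This is an added example, not code from the blog post or from Confluent; the domain names, field names, regex patterns and the reading of "containerize" as a per-domain field allowlist are assumptions made for illustration.

```python
import re

# Constructed policy: the record fields each internal domain may pass to a model.
DOMAIN_FIELDS = {
    "billing": {"ticket_text", "plan", "invoice_total"},
    "support": {"ticket_text", "product"},
}

# Illustrative patterns only; order matters (specific formats before PHONE).
PII_PATTERNS = [
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("CARD", re.compile(r"\b(?:\d[ -]?){13,16}\b")),
    ("PHONE", re.compile(r"\+?\d[\d ().-]{8,}\d")),
]


def scrub(text):
    """Replace PII matches with typed placeholders; return (text, hit counts)."""
    hits = {}
    for label, pattern in PII_PATTERNS:
        text, n = pattern.subn(f"[{label}]", text)
        if n:
            hits[label] = n
    return text, hits


def build_context(record, domain):
    """Return only the fields `domain` may send, scrubbed; deny unknown domains."""
    allowed = DOMAIN_FIELDS.get(domain)
    if allowed is None:
        raise PermissionError(f"no data policy for domain {domain!r}")
    context, audit = {}, {}
    for field, value in record.items():
        if field not in allowed:
            continue  # never leaves its domain, regardless of what the agent asks
        context[field], hits = scrub(str(value))
        if hits:
            audit[field] = hits
    return context, audit


# Constructed sample record.
RECORD = {
    "customer_name": "Jane Example",
    "email": "jane@example.com",
    "plan": "pro",
    "ticket_text": "Charged twice. Reach me at jane@example.com or "
                   "+1 (555) 010-7788. Card 4111 1111 1111 1111.",
    "product": "widget",
}

if __name__ == "__main__":
    print(build_context(RECORD, "support"))
```

The audit dictionary records which placeholder types fired per field, so redaction rates can be monitored without logging the raw values.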
Key Claims and Findings
- Agentic AI will spread through enterprises much like generative AI has — Gartner predicts at least 15% of day-to-day work decisions will be made autonomously by agentic AI by 2028, up from 0% in 2024.
- The potential impact of agentic AI on business may significantly exceed what enterprises are seeing from generative AI alone — but only after the reliability, data quality, and model logic challenges are resolved through sustained investment.
- Addressing agentic AI’s non-determinism requires the same trajectory as generative AI: “similar level of effort” in fine-tuning, human feedback, and iterative model refinement to achieve production reliability.
- Prompt injection attacks pose a disproportionately greater risk in agentic systems than in standard LLMs because agents have access to many different systems at a high autonomy level — making the attack surface substantially larger.
- Agents succeed and overcome hallucinations “only if they are grounded in reliable, fresh data” — the data infrastructure layer is as critical as the model layer.
Terminology
- Planner Agent: The orchestrating agent in a multi-agent agentic system that decomposes a goal into a plan and dispatches subtasks to specialized agents.
- Critical Thinker Model: A secondary model that reviews the planner’s output and provides feedback, enabling self-correction; requires extensive training on plan–result–feedback triples to be effective.
- Prompt Injection: A security attack that attempts to manipulate an LLM’s behavior by embedding adversarial instructions in the input, aiming to extract proprietary data or override safety constraints.
- Data Containerization: Restricting data access to the internal domain where it is needed, minimizing exposure of sensitive data to the agent’s multi-system reach.
- Apache Kafka: Distributed event streaming platform used for ingesting data from disparate enterprise sources; a core component of data streaming platforms for AI grounding.
- Apache Flink: Stream processing framework used for real-time computation and communication between AI models in an agentic pipeline.
- Consumer / Employee / Customer-Facing AI: Three deployment archetypes for agentic AI with escalating internal control: consumer (zero model control), employee (high internal risk), customer-facing (customer data exposure risk).
Connections to Existing Wiki Pages
- Data Flywheel: What It Is and How It Works — the data flywheel is the systematic approach to the sustained fine-tuning and feedback investment described here as necessary to reduce non-determinism; this article identifies why that investment is required, while the flywheel article describes how to operationalize it
- AI Agents in Production: Observability & Evaluation — the non-determinism and model drift challenges described here are precisely what the observability, online evaluation, and continuous improvement loop described there are designed to detect and address
- 5 Common Pitfalls in Agentic AI Adoption — complements the security and governance dimension described here (prompt injection, PII, containerization) with the organizational governance framework (Pitfall 5) needed to manage these risks at enterprise scale
- What are AI Agents? — foundational definition of the agent components (LLM, memory, planning, tools) that create the multi-system access and non-determinism this article addresses