AI Letters #09 · Evidence Dashboard

Production Agent Reliability

Three data views: failure modes, eval coverage impact, and domain-level HITL rates. Numbers that should shape your deployment decisions.

23%
Wrong Tool Selection
21%
Hallucinated Args
18%
Context Overflow
17%
Silent Wrong Answers
Agent Failure Mode Distribution in Production
Breakdown of root-cause categories for agent failures observed across production deployments. "Silent wrong answers" are the hardest to catch — no error thrown, wrong result acted upon.
Most Common Failure
Wrong tool selection (23%) is the most common failure — the agent calls the wrong tool for the task, or uses a valid tool with inappropriate parameters. This is caught by tool selection evals.
Hardest to Catch
Silent wrong answers (17%) are the most operationally dangerous. No exception thrown. The agent produces a confident, plausible, incorrect result that propagates downstream before anyone notices.
Scaling Failure Mode
Context window overflow (18%) grows as task complexity increases. Agents on longer tasks exceed their context budget, lose earlier tool results, and make decisions with incomplete information. Mitigation: explicit context management and task decomposition.
Cost Failure Mode
Cost overruns (9%) appear small in percentage but are catastrophic in impact. A single runaway agent run can consume 100x the expected token budget. Hard per-run budgets prevent this entirely — but teams often skip them until the first incident.
Key Insights
Wrong tool selection + hallucinated arguments account for 44% of all failures — both are caught by trajectory and tool selection evals. Ships with no evals skip the mitigation for nearly half of all failure modes.
Silent wrong answers cannot be caught by monitoring alone — they require eval coverage that checks output correctness, not just the absence of exceptions.
Infinite loops (12%) and cost overruns (9%) together represent 21% of failures — both are fully preventable with hard token budgets and step count limits.
Source: Aggregated from production observability data and published incident post-mortems across engineering blogs, 2023–2025. Categories reflect practitioner taxonomy, not a single academic study. Proportions are representative estimates based on reported failure mode frequency.
4.2
Incidents/week (0 evals)
1.4
Incidents/week (output + trajectory)
0.2
Incidents/week (full + adversarial)
95%
Reduction possible
Eval Coverage vs Production Incident Rate
Inverse correlation between eval suite completeness and production incident frequency. Each data point represents an agent deployment configuration. Adding trajectory evals to output evals roughly halves the incident rate again.
Biggest Single Gain
Moving from 0 evals to basic output evals reduces incidents from 4.2 to 2.8 per week — a 33% reduction. This is the highest-leverage single investment any team can make. Basic output evals take one day to write.
Compounding Returns
Each eval type catches a different class of failures. Output + trajectory + tool evals together reduce incidents by 86% vs zero evals. The improvements compound because each type catches failures the others miss.
Adversarial Evals
Adding adversarial evals (prompt injection attempts, malformed inputs, extreme edge cases) reduces the full-suite incident rate from 0.6 to 0.2 per week — a further 67% reduction. These are the hardest evals to write but catch the tail-risk failures.
The ROI Calculation
One production incident typically costs 4–20 hours of engineering time to diagnose and remediate. A full eval suite takes 3–5 days to build. At 4+ incidents per week without evals, the eval suite pays for itself within the first month of deployment.
Practical Sequencing
Start with output evals (1 day to write) — this single investment eliminates one-third of incidents and gives you the biggest immediate return.
Add trajectory evals in week 2 — these catch the "right answer, wrong reasoning" failures that are dangerous at scale because the reasoning won't always get lucky.
Add tool selection evals after your first real incident — you will know exactly which tool was called incorrectly, which makes the eval trivial to write.
Adversarial evals after 30 days — by then you have enough production data to know which edge cases are actually exploitable in your specific deployment.
Source: Representative data synthesized from published engineering post-mortems, LangSmith eval documentation case studies, and practitioner survey data (2023–2025). Specific incident rates will vary by agent type, task complexity, and domain. The inverse correlation pattern is consistent across all reported datasets.
8%
Customer service
31%
Financial analysis
74%
Legal review
89%
Autonomous trading
HITL Intervention Rate by Domain
Percentage of agent runs in each domain that require human review before action. Higher rates reflect higher stakes, greater regulatory scrutiny, or less mature agent performance in that domain. Most autonomous trading agents remain in shadow or canary mode — the 89% reflects those that have graduated to HITL.
Low HITL Domains
Customer service (8%) and code generation (12%) have the lowest HITL rates. Tasks are well-scoped, reversible, and the cost of a wrong answer is low. These domains were the first to reach near-autonomous deployment in production.
High HITL Domains
Legal document review (74%) and medical triage (67%) remain heavily human-reviewed. Liability, regulatory requirements, and the irreversibility of errors in these domains make autonomous action inappropriate regardless of model capability.
The Regulatory Effect
Financial analysis (31%) is higher than its task complexity alone would suggest. Regulatory requirements — particularly post-EU AI Act — mandate human oversight for financial recommendations, keeping HITL rates elevated even for well-performing agents.
Trading Agents Reality
The 89% rate for autonomous trading reflects the state of maturity: most serious trading organizations have their agents in shadow or canary mode, not HITL. The 89% figure captures the minority that have graduated to HITL — and still require human review for nearly all actions.
What This Means for Your Deployment
Your domain's appropriate HITL rate is not a model capability question — it is a risk, liability, and regulatory question. High-HITL domains stay high-HITL even as models improve.
Customer service and code generation reaching sub-10% HITL rates shows that near-autonomous deployment is achievable — but only after the shadow and canary phases have been completed rigorously.
If your domain involves any of: financial decisions, medical information, legal interpretation, or personal data — assume high HITL rates are permanent, not transitional. Design your product around them, not against them.
The path to lower HITL rates is not faster promotion — it is more rigorous shadow and canary data collection, which earns trust action-class-by-action-class rather than wholesale.
Source: Representative estimates based on published deployment case studies, practitioner surveys (Stack Overflow AI Survey 2024, LangChain State of AI Agents Report 2024), and reported enterprise pilot data. Figures are domain-level estimates and will vary significantly by specific use case, organization risk tolerance, and regulatory environment.
www.engineersofai.com  ·  AI Letters #09  ·  Agentic AI A-Z Series