AI Agents: What Risks DO They Present To Vendors and Users?

AI agents represent the next significant tech breakthrough in 2025. As AI systems become increasingly advanced, agents expect to contribute enhanced operational efficiency while being a powerful tool for assisting businesses with decision-making processes.

However, these improved capabilities come with increased legal, regulatory, and ethical risks. Vendors and users must understand these potential issues to implement measures to mitigate liability.

This article explores the different types of AI agents, their benefits and risks, and how providers and organisations can protect themselves. It also addresses how AI agents align with regulatory frameworks, notably the EU AI Act.

What Are AI Agents?

AI agents are advanced artificial intelligence systems that perform tasks autonomously using various AI techniques, such as machine learning and natural language processing (NLP). They differ from traditional large language models (LLMs) as they use external sources and their existing data to achieve user objectives.

Agents can also store information and use such memories to create proactive and more detailed future outputs. The systems draw on these past interactions to improve their performance over time and minimise the need for human oversight.

Types of AI Agents

There are five primary types of AI agents:

1. Simple reflex agents

These are the most basic systems, which react to prompts and inputs based on the current situation and a set response. They can’t draw from past experiences or use memory to develop their outputs.

For example, a chatbot giving a pre-programmed response to consumer queries.

2. Model-based reflex agents

These agents can store past interactions in their memory and use them to make better-informed decisions. They have an “internal model of the world”, meaning they consider previous information and context before responding.

For example, a fraud detection system that analyses past transactions to identify new suspicious ones.

3. Goal-based agents

These programmes work towards a goal instead of just reacting to a prompt. They assess various potential actions and select the one that best helps them achieve their objective.

For example, a GPS navigation system that chooses the fastest or most straightforward route.

4.Utility-based agents

These agents go beyond goal-based systems by evaluating each step to achieving the goal and suggesting ways to maximise utility. They measure the possible outcomes at each stage based on user criteria and determine the most favourable option.

For example, a streaming platform recommends TV shows based on various personal preferences and the likelihood that the user will enjoy them.

5.Learning agents

These are the most advanced programmes, as they use memory to improve their output over time. They learn from past experiences and can adapt to new environments, meaning their knowledge always develops.

For example, AI-operated stock trading systems adjust investment strategies by assessing market trends.

What Are the Benefits of AI Agents?

Multiple industries can benefit from using AI agents as they help improve efficiency, scalability, and decision-making. The main advantages are highlighted below.

• Efficiency and productivity

Autonomous AI systems can automate more complex tasks, optimising workflows and reducing the need for human resources. This helps organisations achieve their objectives faster and on a larger scale.

• Decision-making

The programmes’ ability to analyse external data and learn from past experiences to inform their outputs means businesses can make better-informed and more tailored decisions.

• Costs

Organisations can reduce staffing costs by automating complex functions. Although AI agents require some human oversight, this is far less than is usually required for standard LLMs. The more advanced types of agents are also designed to minimise mistakes and reduce the costs associated with human error.

• Scalability

Agent systems can manage multiple tasks at once, unlike their human counterparts. This allows businesses to scale operations quickly.

• Personalisation

The agents’ learning and predicting abilities help enhance user experiences by personalising recommendations, content and interactions.

What Are the Risks Associated with AI Agents?

Although AI agents have multiple benefits, they pose various risks for users and providers. AI is developing rapidly, but there remains a notable lack of regulation in this area, leaving organisations vulnerable to inadvertent regulatory breaches. The main risks are summarised below.

• Lack of transparency

There is much uncertainty about how deep learning models, like AI agents, analyse information and make decisions. This poses a regulatory challenge for users who must explain their AI-driven decisions under laws such as the EU AI Act. 

• Data privacy and security

Agents must access and process vast amounts of data to carry out their functions, often including private and sensitive information. Vendors must comply with relevant data protection laws like GDPR to avoid facing substantial penalties.

Due to the volume of information they process, AI agents are also a prime target for cybercriminals, so companies must conduct due diligence to avoid information leaks.

• Bias and discrimination

While AI agent systems are more advanced, they still inherit data from external sources, which could be biased. This is a particular issue in areas like human resources, financial services, and law enforcement, where a program might base its output on previous discriminatory practices.

• Lack of knowledge about data sources

A significant issue for AI agent vendors is not fully understanding the datasets used to train their models. Providers who don’t know what data influences the agent risk unintentionally introducing inaccuracies or outdated information into their systems, exposing themselves to legal ramifications and cybersecurity threats.

How Can Vendors and Users Protect Themselves?

Those using and selling AI agents can introduce proactive measures to mitigate risk and avoid liability. Both parties should implement robust contracts, data security practices, and compliance strategies.

• Measures for vendors

Providers developing and selling AI agents must ensure they aren’t disproportionately responsible for how organisations use their models. They can do this by:

• Defining each party’s responsibilities in contracts, particularly regarding compliance, data protection, and risk management.

• Including limited liability clauses to cap financial penalties.

• Implementing strong data security measures that comply with relevant laws, like GDPR and the EU AI Act.

• Include indemnification clauses in contracts, requiring users to bear responsibility for regulatory compliance and appropriate AI agent use.

• Measures for users

Businesses deploying AI agents must be careful not to expose themselves to liability arising from biased outputs, data privacy violations, and regulatory breaches. They can do this by:

• Conducting in-depth research on their preferred vendors and requiring them to provide documentation on the AI agent’s training data.

• Asking providers to give evidence of their attempts to mitigate biases and improve decision-making processes.

• Carrying out regular AI audits to ensure compliance with legal and ethical standards.

• Negotiating contract terms and service level agreements to protect themselves from potential failures and legal violations.

AI Agents and the EU AI Act

Governments and regulatory bodies continue to establish regulatory frameworks to manage the risks associated with AI, including the recent introduction of the EU AI Act. This legislation categorises AI systems based on risk levels and imposes stricter requirements on high-risk applications, including enhanced human oversight.

However, the Act doesn’t reference AI agents, so whether these systems fall within the high-risk category is unclear. In practice, regulators will likely classify agents based on their degree of autonomy and application. For example, a utility-based model used in financial services will likely be deemed high-risk.

Another potential misalignment is the need for human intervention in AI agents. By definition, agent systems are designed to function autonomously and with minimal human input. Regulators, therefore, face the issue of identifying when and how they should enforce such oversight for AI agents.

The UK government has also highlighted the risks of autonomous AI and the need to introduce new regulations to address such challenges. However, it has not yet taken any formal steps regarding new laws in this area.

Conclusion

The growing use of AI agents offers excellent potential for businesses to improve operations, boost scalability, and enhance consumer experiences. Whether simple reflex or learning agents, these models provide advanced capabilities, allowing organisations to automate complex tasks, minimise human error, and personalise outputs.

However, these developments come with substantial risks. Vendors and users must manage these issues carefully, including the lack of transparency in decision-making processes, data privacy concerns, and the potential for bias.

More comprehensive regulatory frameworks, such as the EU AI Act, are urgently needed to address these challenges and provide clear guidelines for compliance. In the meantime, vendors and users must take steps to protect themselves, ensuring they meet legal and ethical standards to avoid regulatory breaches.

To safeguard against these risks, vendors and users must be proactive and establish clear contracts, define responsibilities, and include strong data protection measures. Users should conduct thorough audits of AI systems and require transparency from providers regarding training data. Collaboration between all parties is essential in creating a safe framework for AI agent use.