Key takeaways
- Before deployment, companies must question if and why AI agents are necessary.
- Finding the right model for the job is important.
- System rules and training need to be clear and focused.
Amid reams of advice that the UK National Cyber Security Centre (NCSC) has to offer organisations on the adoption of agentic AI, one piece stands out: “If you cannot understand, monitor or contain an agent’s actions, it is not ready for deployment.”
The NCSC worked with international counterparts in the US, Canada, Australia and New Zealand to publish guidance advising that agentic AI developers, vendors and operators should implement “a layered defence and strict access controls” to reduce the possibility of systems being compromised.
If you’re thinking about using an agent for any tasks, these are the four steps you need to take to set up an AI agent properly and safely. You need to start by outlining the task you want the agent to do and set its initial parameters.
1. Define the scope
The workflows and processes you intend to deploy agents for should, of course, be clearly defined. Ask yourself the questions:
- Do we need agentic AI for this project at all?
- Can it or should it be completed by other technological means?
For example, the task you’re planning to hand over to the agent may be fulfilled using simple automation. This is well-established technology and does not involve the sorts of risks that can come with agents.
Use a feasibility test to interrogate every aspect of the decision-making process. It will not be the companies spending the most on AI tools or deploying them the quickest that will succeed. Rather, the ones with the safest and most efficient integration of any technology into their workflows.
2. Select the agentic model and platform
Once the feasibility for AI agents is established, the search and selection of the appropriate models and agentic frameworks for your business needs can begin. IBM recommends that prospective customers use the following criteria to match the incoming technology to the organisation:
- Project complexity: which will determine whether single agents or multiagent configurations are needed.
- Data privacy and security: whereby the vendor must demonstrate the strength of an agentic framework’s protection capability, such as data encryption, access controls and removal of sensitive data.
- Ease of use: where your AI developer team’s skill levels will determine whether you need a novice-friendly, no-code AI framework, such as CrewAI, or one demanding more skill, such as Microsoft’s Semantic Kernel, for enterprise-grade AI deployment.
- Integration: namely, how compatible is a particular AI framework with your existing technology stack, its current infrastructure, data source and tools?
- Performance: how well does an AI framework operate under heightened conditions? Will crucial time be lost due to latency during extraordinary processing periods?
- Scalability: is a particular framework easier to expand or contract with your own future needs?
A lot of this reflects the considerations needed for any software implementation, as outlined by ICAEW previously.
Think about licensing for the use of AI models, most will be available via a subscription model.
You will also need to consider whether you will build an agent on a freely available platform, such as Copilot, or whether to create something more bespoke. The risks of misinformation, hallucination or data vulnerabilities increase the more ‘off-the-shelf’ the model is. More work will be needed to ensure that the model picks its information from the right sources, and that data protections are in place.
3. Create system rules
In the same way that there are staff handbooks and modes of conduct prescribed to the human workforce, so there should be comprehensive, documented instruction and expectations directed at AI agents. The same goes for performance appraisals, where agents’ productivity outcomes can be measured against any initial task goals set.
A catalogue of prompts used with agents should be kept, serving as a reference for any investigation, but also as intellectual property that can be improved upon as familiarity with the agent builds.
4. Training and knowledge integration
When training the agent, it’s important to ensure ‘context awareness’ is in place. The agent needs to understand methodologies, processes, documentation requirements, templates and regulatory frameworks. This will also need to be continuously updated as processes and regulations evolve.
Continuous training is needed beyond the pilot stage as AI agents progress within the workflow and their tasks become more complex. Be aware that AI tools come with a risk of ‘model drift’ – the gradual degradation of a model’s accuracy.
“You need to establish a growth mindset in your organisation to be able respond to these changes, adopt them, embrace them. As human beings, we're not really used to that.” says Joris Van Der Gucht, founder and CEO of Ravical, an agentic AI platform specialising in the accounting and professional services sectors.
Helpful resources
- National Cyber Security Centre: Think carefully before adopting Agentic AI
- Careful adoption of agentic AI services (security guidance co-produced by the UK, the US, Canada, Australia and New Zealand)
- The GenAI Divide: state of AI in business 2025 (research produced by MIT’s project NANDA)
- Leading AI Models are consistently breaking the law (Aithos research foundation)
Accounting Intelligence
ICAEW has created a range of resources to support members in business and practice build their understanding of AI. There are video masterclasses, as well as features discussing opportunities, challenges, limitations, risk management and ethics.
- Setting up an AI agent correctly: initial steps
- How Gerald Edelman took the pain out of succession planning
- Last chance for audit firms to join FRC’s tech and AI sandbox
- HMRC’s 31 July deadline approaches in roll-out of multi-factor authentication
- UK-India social security agreement to come into effect soon