The Word "Agentic" Has Lost All Meaning

Every AI support tool launched in 2025 and 2026 calls itself "agentic." The word used to mean something specific: an AI system that can take actions in the real world, not just generate text. Process a refund, cancel a subscription, update a shipping address, create a Jira ticket.

Now it means "we gave an LLM access to some APIs and let it figure out what to do." That's not agentic. That's reckless.

The Gap Between Answering and Acting

Traditional chatbots answer questions. You feed them a knowledge base, they retrieve relevant articles, they generate a response. When the customer asks "how do I reset my password?" the chatbot finds the help article and rephrases it. Useful, but limited. The customer still has to go do the thing themselves.

An AI agent would detect the intent (password reset), verify the customer's identity, trigger the password reset flow, and send the confirmation email. The customer's problem is solved in the conversation, not after it.

That's a real difference. A February 2026 Gartner survey found that 91% of customer service leaders are under pressure to implement AI, with improving customer satisfaction and first-contact resolution as top priorities. The reason is straightforward: customers don't want to be told how to fix their problem. They want it fixed.

Why Most "Agentic" Implementations Are Dangerous

Here's what typically happens when a company adds "agentic" capabilities to their support AI.

They take an LLM (usually GPT-4 or Claude). They give it access to internal APIs through function calling. They write a system prompt that says something like "you are a helpful support agent with access to the following tools." Then they deploy it.

The LLM decides when to use which tool based on conversation context. There's no explicit intent classification. There's no confirmation step. There's no spending limit. The model just... does stuff.

This is how you get an AI that processes a $500 refund because a customer said "this is frustrating, I want my money back" during a conversation about a $5 feature. The LLM interpreted "I want my money back" as a refund request and had the API access to execute it. No human reviewed it. No classification model confirmed the intent. No confirmation was shown to the customer.

I've talked to three companies in the last two months who had exactly this kind of incident. One processed over $12,000 in unauthorized refunds before someone noticed.

The Safe Architecture: Classify First, Then Act

The responsible way to build agentic support isn't complicated. You just add a step that the "move fast" crowd skips.

Step one: classify the customer's intent. Not with an LLM making a judgment call, but with a purpose-built classification model trained on support data. Is this a refund request? A shipping question? A bug report? A billing inquiry? A classification model with 315 intents and 92% accuracy will get this right in under 200 milliseconds.

Step two: based on the classified intent, present the customer with a confirmation. "It looks like you want a refund for order #4521. Is that right?" If yes, proceed. If no, reclassify or escalate to a human.

Step three: execute the action. Process the refund, update the order, create the ticket. But only after the intent is confirmed and the action is within defined guardrails (refund limits, order modification rules, escalation thresholds).

Step four: if the intent is ambiguous, the confidence score is low, or the action exceeds limits, escalate to a human. Don't guess.

This is how Supp works. The classifier handles intent detection at $0.20 per classification. When an action is needed (and confirmed), it executes at $0.30 per resolution. The total cost for a resolved ticket with an action is $0.30. Compare that to an LLM-based agent burning through tokens on every interaction at $0.99 or more.

What "Agentic" Should Actually Mean

A real AI agent in customer support has five properties.

It detects intent accurately, not probabilistically through an LLM prompt but through a trained classifier.

It confirms before acting. No silent refunds, no surprise cancellations. The customer sees what's about to happen and approves it.

It knows its limits. When confidence is low or the request is complex, it routes to a human instead of guessing.

It's auditable. Every action has a paper trail: what was classified, what confidence score it got, what the customer confirmed, what action was taken.

It costs predictably. You know what each resolution costs before it happens. No token-counting surprises.

The Market Will Sort This Out

The companies deploying unguarded LLM agents will have incidents. Some already have. When a single AI mistake costs more than a month of the tool's subscription, teams start asking harder questions about architecture.

The pendulum will swing. Right now, "agentic" is a marketing term. In 12 months, it'll be a liability term for companies that shipped API access without guardrails. The teams that built classification-first, confirmation-required architectures will be the ones still running their AI in production without incident reports.

Don't ship an agent that can act without asking. Your customers and your finance team will both thank you.