Do I need an Agent?

From Automation to Agentic Experience — How to Know When You’re Ready

Author

Rohan Wickremesinghe
November 07, 2025

Editors note 

I attended a mixer last week with Block 71. It was an opportunity to meet other founders and see what they are doing, and what they are building. The big discussion point was agentic AI, and the usage of agents on mobile applications.

Whilst I think AX, or Agentic Experience is very impressive, its not necessary for everyone (right now), and if anything could be a hinderance or an increased security risk - which we will get into later.

One of my clients said they wanted to use Agents.

I was like - cool, what do you want to use it for?

Client: We want to automate stuff

Me: Ok - what would you like the Agent to do

Client: Not sure - we are still working that out.

The point of this is to outline, don’t just jump on the Agent bandwagon, because everyone is using it. Identify first what your business is doing, and which areas you would like to make more efficient, save more time, or just do better.

Identify what your levers are.

Cost, efficiencies, time, tolerance……..

The first step could be just to visit simple automation of a component of a process you want to improve.

It even could be to remove something, that actually is a roadblock.

The above gives you an opportunity to test a change that is new and see if it works, but more than just work - give you and your team an opportunity to see if you can manage the risk that comes with it.

If you jump into bed with AI or AX and you do it at scale without proper consideration, you may find out very quickly that you can’t manage it,

potentially have a system that doesn’t work the way you want it to,

and likely increase the level of risk.

The hidden risks of Agents

Agents do stuff.

In order for Agents to do stuff they need the abilities to do so.

We are so excited by the prospects of Agents saving us time, that we often don’t think about what access privileges we are giving to agents.

Agents suddenly become powerful collaborators as opposed to just being task oriented. This mean as a collaborator it has the right to not agree with you, and do stuff that it thinks is right - often without needing your approval.

Agents if done badly introduce the following:

  • Access systems and data that they shouldn’t

  • Perform actions it was not asked to do

  • Create a new attack surface for compromise - if not adequately protected

  • Unpredictability due to model drift

The adoption of agents like any other change should be subject to a change process.

As a start point the following should be asked:

Do I know what an agent is, and what I want it do do?

How will we apply professional scepticism, and challenge agent output?

Where is the agent sourcing its information from, and what is the basis for its logic?

What is our response plan if something goes wrong?

What are the governing roles and responsibilities?

Is AX coming?

100% its already here.

But you do need to be ready and prepared to take it on.

Interesting stuff

Stuff to think about over coffee

The below articles are ok as some simple and easy reading. I tend to compliment these with YouTube and Perplexity.ai.

With AI producing so much data it is important to clarify different points of view and have your own professional scepticism - Stay curious.

  • What Is Agentic AI, and How Will It Change Work? — Harvard Business Review article. [Good article but you need to be a subscriber] - I have added a few more!Harvard Business Review

  • Agentic AI vs. Generative AI — IBM think-piece clarifying the distinction and what agentic means in practice. - Good definition of difference between Gen AI and Agentic AI. IBM

  • Agent­ Experience (AX) is new term - why should you care? — An article exploring how product/design leaders are preparing for agents as “users”. Deeper thinking when it comes to using Agents, and the Agentic experience to get the most user value.ShiftMag

  • The future of customer experience: Embracing agentic AI — McKinsey & Company insight on how agentic systems shift experience and operations. I don’t fully agree with this one. You have to learn to crawl before you can walk, otherwise a world of pain. But worth a listen for different points of view.McKinsey & Company

  • Agent-Based Experience Design: The Future of UX in an AI World — A design-oriented take on AX and how it changes product thinking. Less clicks for us. We just care about the outcome. Agents taking this responsibility from us? Standard Beagle

This weeks myth

“If we adopt autonomous agents (AX) now, we’ll automatically be more efficient and more secure.”

Adopting agentic systems doesn’t guarantee improved efficiency or security. Without a clear purpose, defined boundaries, robust access controls and proper oversight, you may end up introducing new risks, inefficiencies, or blind spots.

Before you dive into the hype of AX, or the Agentic Experience - first understand what it is.

Agents will do stuff for you without being asked. If you have an experience in mind then map it out and draw what that looks like for you or your team.

AX is a collaboration and requires a lot of time to get right, without destroying the user experience. Collaboration means the Agent has a right to make decisions without you telling it what to do.

If the Agent is not designed correctly then this severely compromises the user experience and subsequently the effectiveness of the agent.

Interesting Reading

  • 🧑‍💼 Industry & government doubling down on “shared defence” — Mastercard’s recent commentary highlights that cybersecurity isn’t just an IT issue any more; it’s part of business strategy, commerce and innovation. Mastercard

  • 📦 Cargo theft meets cyber penetration — Logistics and freight firms are being targeted with remote-monitoring malware so attackers can bid on real shipments and steal goods. Supply chain risk meets physical loss. The Hacker News+2Dark Reading+2

  • 🤖 AI adoption outpacing safeguards — Organisations are rolling out agentic-AI and automation faster than they’re defining what the agents should do, or how they’ll be governed. That gap = risk. cybersecuritydive.com+2SecurityWeek+2

  • 📉 Vulnerabilities in the dev chain — A critical flaw in the “@react-native-community/cli” npm package (CVE-2025-11953) exposed dev environments to remote command execution. Developers now form a key risk group. The Hacker News

  • 🛡️ The face of cyber risk is shifting — New Q3 data from Cloudflare shows global internet-trends shifting (more traffic, more regional variance) which means attack surfaces are changing shape. TradingView

Thank you for joining our community as we look to share practical and thought provoking topics when it comes to technology and security.

If you haven’t already Click the signup button to subscribe and get the latest newsletter directly to your inbox.

We will do our best to provide well researched and tested theories. Please comment, agree, disagree, or share your own experiences.

We want this to be a safe space to share any opinions with the object of true learning and experiences.

Many thanks

Rohan