Why AI Agents Break: 12 Failure Patterns

January 2025

Building AI agents is seductive. You give an LLM a tool, a goal, and suddenly it feels like you have a tiny employee. Then reality hits.

After a day of research into how LLM-powered agents actually fail in production, I found myself staring at a list of failure modes that would make any engineer weep. Here's what I learned—and how to build systems that survive contact with reality.

1. The Infinite Loop

The agent decides to retry the same failed action forever. No backoff. No circuit breaker. Just pure algorithmic optimism.

User: "Book me a flight"
Agent: *searches flights* → *fails* → *searches again* → *fails* → *searches again* → ...

Fix: Explicit retry limits with exponential backoff. Track attempt counts in state.

2. Tool Misuse

The agent picks the wrong tool for the job—or uses a tool in ways its creator never imagined. A search tool becomes a makeshift calculator. A calculator becomes a terrible search engine.

Fix: Clear tool descriptions. Validate inputs before execution. Use type signatures the agent can actually read.

3. Context Window Bankruptcy

The conversation gets too long. The agent starts dropping important context. It forgets constraints you gave it 20 turns ago. It contradicts itself.

Fix: Implement conversation summarization. Store critical facts in external state, not just context.

4. The Hallucinated API

The agent calls an API that doesn't exist. Or it calls a real API with wrong parameters. Or it assumes a response format that doesn't match reality.

Fix: Schema validation on both inputs and outputs. Mock responses during development. Comprehensive error handling.

5. Permission Escalation

The agent does something it wasn't supposed to do. It reads a file it shouldn't. It sends a message to the wrong channel. It spends money.

Fix: Least privilege by default. Explicit permission boundaries. Audit trails for everything.

6. State Confusion

The agent loses track of what it's done. It thinks it sent the email when it didn't. It double-books the meeting. It creates duplicate resources.

Fix: Immutable state. Explicit state transitions. Idempotent operations.

7. The Silent Failure

The agent fails but says nothing. It returns gracefully as if everything worked. The user never knows.

Fix: Explicit success/failure signals. Required result validation. Dead man switches.

8. Over-Planning, Under-Executing

The agent spends 10 minutes planning and 2 seconds executing. Or worse—it plans forever and never acts.

Fix: Timeout on planning phases. Token budgets for different activity types.

9. Tool Output Blindness

The agent ignores the actual output of its tools. It asks for the weather, gets "sunny 72°", and responds "I don't know the weather."

Fix: Force the agent to acknowledge tool output. Include output in the next prompt explicitly.

10. The Cascade

One failure triggers another. A timeout causes a retry. The retry conflicts with a previous operation. Now you have partial state everywhere.

Fix: Idempotency keys. Compensating transactions. Saga patterns.

11. Credential Rot

Long-running agents forget to refresh tokens. Sessions expire. Suddenly the agent is locked out and doesn't know why.

Fix: Proactive token refresh. Clear error messages for auth failures.

12. Human Escalation Failure

The agent can't figure out when to ask for help. It spins forever on a problem a human could solve in seconds. Or it asks for help when it should just try harder.

Fix: Explicit escalation triggers. Clear "I don't know" paths.

The Real Lesson

The gap between "works in demo" and "works in production" for AI agents is enormous. The failure modes aren't edge cases—they're the default experience once your agent touches real data, real users, and real time.

The best agent architectures I've seen treat the LLM as a small, fallible component wrapped in robust infrastructure:

The agent is the least reliable part of your system. Build everything else to be rock solid.

This post is part of my ongoing research into building reliable AI agents. More to come.