What Exactly Is an AI Agent? History, Architecture, and Future Challenges

Recent news about the Chinese AI startup Manus sparked interest in AI agents, but the real focus is understanding what an AI agent is: a system that can autonomously perceive its environment, plan, and act to achieve specific goals.

1. From Expert Systems

The concept dates back to the 1960s when researchers aimed to make machines sense, decide, and act like humans. Early attempts were rule‑based expert systems such as Stanford's MYCIN for medical diagnosis and DEC's XCON for configuration. These systems required exhaustive if‑then rules, which proved impractical for complex real‑world scenarios.

In the 1990s, machine‑learning agents emerged, using reinforcement learning to acquire behavior through trial and error. The breakthrough came in the 2010s with deep learning and, especially, the 2017 Transformer architecture, enabling large language models (LLMs) like GPT and BERT to understand natural language without handcrafted rules.

2. Modern AI Agent Shape

An AI agent is defined as a system that can independently perceive, plan, and act to fulfill a goal. For example, instead of merely replying "please book the ticket yourself," a true AI agent would understand travel dates, budget, preferences, search multiple airlines, compare options, and possibly complete the booking via an API.

The key difference from ordinary AI applications is proactive problem solving rather than passive answering.

3. Core Technologies and Architecture

3.1 Perception Module

This "eyes and ears" component parses user input and extracts both state context (objective facts such as programming language, project dependencies, database type) and intent context (subjective goals like "optimize this code"). Accurate perception is essential; confusing state with intent leads to failures.

Multimodal perception: handles text, images, audio, video.

Proactive questioning: asks clarifying questions when information is insufficient.

History analysis: leverages past interactions to infer current intent.

Environment probing: inspects configuration files, dependencies, test suites before acting.

3.2 Reasoning Module

The "brain" is typically an LLM (e.g., GPT‑4, Claude, Gemini). Models exhibit different "personalities":

Thinking models (Claude 3 Opus, Gemini 2.0 Flash, o1) – explore, infer, and plan, suitable for exploratory or complex tasks.

Execution models (Claude 3.5 Sonnet, GPT‑4 Turbo, 文心一言 4.0) – follow explicit instructions, ideal for precise, deterministic tasks.

Choosing the right model is akin to selecting the proper tool: detailed instructions favor execution models, while high‑level goals benefit from thinking models.

3.3 Memory Module

Memory is divided into layers:

Sensory memory : short‑term facts about the current environment (e.g., Python 3.9, MySQL).

Working memory : task‑level state and intermediate results.

Episodic memory : dialogue history and past task records.

Semantic memory : permanent domain knowledge and best practices.

Implementation often uses Retrieval‑Augmented Generation (RAG). Modern RAG pipelines combine vector similarity, BM25 keyword search, entity linking, and graph‑based retrieval, with multi‑stage indexing and dynamic context windows.

3.4 Action Module

The "hands" of an agent, typically realized via function calling. Pre‑defined functions (search, database query, email, etc.) are described to the LLM, which decides which to invoke, supplies parameters, and handles multi‑step, parallel, or retryable workflows. Protocols like Anthropic's MCP standardize communication and security.

Safety measures include sandboxed execution, fine‑grained permission control, and audit logging to prevent misuse such as unauthorized code extraction.

4. Current Limitations

4.1 Hallucinations

Agents may fabricate APIs, generate plausible‑looking but false data, or over‑estimate their capabilities, especially in multi‑step tasks.

4.2 Reliability

Outputs can vary across runs due to model randomness, context drift, or external changes, making agents unsuitable for high‑risk domains without extensive verification.

4.3 Cost & Efficiency

Running powerful LLMs incurs significant monetary and latency costs; long‑context models mitigate some issues but introduce attention dilution and reasoning degradation.

4.4 Security & Privacy

Agents handle sensitive data, risking leakage, prompt injection attacks, and privilege abuse. Mitigations include differential privacy, sandboxing, and granular access controls.

4.5 Understanding & Reasoning Limits

Even state‑of‑the‑art models struggle with deep commonsense reasoning, long‑chain planning, and creative problem solving beyond narrow tasks.

5. Closing Thoughts

AI agents are still in their infancy. Their rapid progress—from conversational chatbots to code‑writing assistants—offers unprecedented productivity gains, yet they remain tools that require human oversight, creativity, and judgment.