Engineering questions on building agents.

Anthropic distinguishes the two by who decides the path. A workflow follows a predefined path through code: the developer writes the steps, the LLM fills in narrow choices. An agent decides the path at runtime: the LLM picks the next action from a tool set, observes the result, and chooses the next step. The distinction matters because workflows fail predictably and agents do not. See the five patterns for the workflow shapes that sit between the two extremes.

No. Vendor docs from Anthropic, OpenAI, and Google all start with a single LLM call augmented with tools. Frameworks become useful when the agent's structure requires features the framework provides for free (state checkpoints, durable execution, multi-agent orchestration, observability hooks). Start without one, add one when measurement shows the simple case is insufficient. See frameworks for the category overview and how to build an AI agent for a from-scratch tutorial.

Prompt chaining is typically the cheapest of the five patterns when chain depth is capped, because there is no orchestrator overhead and no parallel fan-out. The trade-off is latency: chains run sequentially. Vendor pricing pages (Anthropic, OpenAI) publish the per-token rates needed to forecast cost.

Orchestrator-worker is the most expensive because the orchestrator's planning call runs in addition to N worker calls and a synthesis call. The cost is variable per input. Worker caps and per-task budget caps are the standard mitigations. See orchestrator cost spike for the canonical failure mode.

MCP is a vendor-agnostic protocol for exposing tools, resources, and prompts to LLM-based agents. Introduced by Anthropic in late 2024 and adopted by other vendors through 2025. It standardises how an agent discovers and invokes tools across different runtimes. See the glossary entry for an anchor.

Agents are stateful, non-deterministic, and use tools that change between runs. Reliability matters more than peak capability because the consequence of unreliability is usually retry cost. Public agent benchmarks (AgentBench, SWE-Bench, GAIA, ToolBench) measure capability; reliability and cost discipline require application-specific harnesses. See evaluating an agent.

Prompt injection is the most-discussed in the public literature and is named LLM01 in the OWASP Top 10 for LLM Applications. Direct prompt injection puts adversarial instructions in user input; indirect prompt injection (Greshake et al., 2023) hides them in tool output. Mitigation is architectural: input sanitisation, capability isolation, and human approval for high-stakes actions. See failure modes.

When distinct competences warrant distinct prompts and possibly distinct models, when agents must operate concurrently with shared state, or when the system models a problem that is itself multi-actor. Most production cases that look like multi-agent can be handled by a single agent with a larger toolset and a clearer plan. See multi-agent systems.

A chatbot generates a reply to user input. An agent decomposes a goal and pursues it across multiple steps, using tools to read and write state outside the conversation. Both can run on the same underlying model; the difference is in the surrounding architecture. See whatisanaiagent.com on agent vs chatbot for the cornerstone treatment.

Start with a single LLM call augmented with two or three tools, the four-step loop, and a budget cap. Anthropic, OpenAI, and Google all publish reference implementations in their cookbooks. Add a pattern (chaining, routing, parallelization) only when measurement shows it helps. Add a framework only when the application's structure makes the framework's primitives cheaper than rewriting them. See how to build an AI agent.