AI agents sit at the top of the hype curve in 2026 — and that is exactly the problem. Gartner expects more than 40% of agentic AI projects to be cancelled by the end of 2027 — due to escalating costs, unclear business value and inadequate risk controls. At the same time, Bitkom reports that 41% of German companies now actively use AI, twice as many as the year before. Both numbers are true — and they say the same thing: the difference between impact and disappointment is not the model, it is the discipline of scoping.
In practical terms, an AI agent is a system that pursues a goal, processes context, uses tools and evaluates intermediate results. The difference from a classic chatbot is not the interface, but the depth of action. This article explains which processes genuinely fit, what governance an agent needs, what the EU AI Act demands in 2026, and how a serious start looks in 90 days.
What an AI agent really is — and what it isn't
An AI agent is not a better chatbot, it is a system with depth of action. It usually consists of five layers: a goal (for example "prepare a qualified answer to this request"), context (CRM data, documentation, policies, tickets), a model that understands language and prepares decisions, tools (APIs, databases, search indexes, calendars) and control (rules, permissions, logs, approvals).
The quality of an agent depends less on the model name than on the architecture around it. A strong model with poor context will hallucinate. A well-integrated agent with limited permissions and proper evaluation creates measurable value even in narrow tasks. Not every process needs an agent at all — many companies jump to the most complex solution and overlook simpler paths.
| Solution | When it fits | Example |
|---|---|---|
| Chatbot | Users ask questions, answers from a knowledge base | "How do I reset my password?" |
| Workflow automation | Steps are deterministic (if A, then B) | "Lead submits form → create CRM record" |
| AI agent | Language, context and decision come together | "Analyse the request, check account data, propose three follow-ups and a meeting slot" |
The market reality in 2026: lots of hype, little production
The gap between interest and production use is huge in 2026. Gartner predicts that around 40% of enterprise apps will feature task-specific AI agents by 2026, up from less than 5% in 2025. Yet according to Gartner's CIO survey, only around 17% of organisations have agents running in production. Part of the hype is "agent washing": Gartner estimates that of thousands of vendors, only about 130 offer genuine agentic capabilities.
McKinsey sees a similar picture: most companies experiment with agents, but only a minority truly scale them, and security and risk are the most common barrier. The lesson is sober — build a narrow, measurable use case cleanly and you join the productive minority; try to "automate everything" and you land in the cancellation third.
Which processes are suitable for AI agents
Good candidates meet four criteria: frequent, rule-aware, data-rich and reviewable. The agent does not need to decide everything alone. It needs to make a clearly defined part of the process faster, more consistent or more complete — ideally with a human reviewing the result.
| Process | Fit | Why |
|---|---|---|
| Support triage | High | Tickets can be classified, summarised and enriched with sources. |
| Sales briefings | High | CRM, website and call notes are condensed into a briefing. |
| Proposal preparation | Medium to high | The agent suggests building blocks, flags risks and drafts follow-up questions. |
| Document search | High | Internal knowledge bases, contracts and policies become easier to use. |
| Recruiting screening | Use caution | Fairness, privacy and potential high-risk classification require careful review. |
| Legal or financial decisions | Only with strict control | These need traceable rules, human approval and governance. |
The best first use case is rarely the biggest one, but the one that can be measured: processing time, first-resolution rate, error rate, answer quality or manual rework. More on choosing candidates realistically is in our piece on AI use cases in the enterprise.
Architecture and governance: what makes an agent operable
A production-grade AI agent needs more than a prompt. The most important layers are clear data access (which sources may the agent read?), a permission model (suggest only, or act?), clean retrieval (how are documents found, ranked and cited?), controlled tool calls (which APIs with what parameters?), regular evaluation, a complete audit log and a defined human-in-the-loop for critical steps.
Without an audit log, an agent is hard to operate. Without permissions, it becomes risky. Without evaluation, nobody knows whether quality is improving or only the demo looks impressive. This is exactly where a project lands in the Gartner statistic — or not. The most common mistakes are too much autonomy too soon, poor context and no product ownership. How to manage these risks in a structured way is covered in Risks in AI software projects.
EU AI Act 2026: what the Digital Omnibus changes
AI governance is not optional in the EU — but the timeline shifted in 2026. The AI Act has been in force since 1 August 2024 and follows a risk-based approach: minimal risk means few obligations, while high-risk systems must meet strict requirements. Obligations for general-purpose AI models have applied since 2 August 2025; transparency obligations for AI interactions and generated content apply from 2 August 2026.
What is new: the Digital Omnibus (political agreement of 7 May 2026) deferred the obligations for standalone high-risk Annex III systems from 2 August 2026 to 2 December 2027, and product-embedded systems (Annex I) to 2 August 2028.
| Milestone | Date | Relevance for agents |
|---|---|---|
| AI Act in force | 1 Aug 2024 | Framework applies, no concrete duties yet |
| General-purpose AI models | 2 Aug 2025 | Obligations for model providers (GPAI) |
| Transparency obligations | 2 Aug 2026 | Labelling of AI interaction and content |
| High-risk (Annex III) | 2 Dec 2027 | Deferred via the Digital Omnibus |
In practice, an internal agent that summarises support tickets is assessed differently from a system that screens job applications or supports medical decisions. Document early: purpose, data sources, model provider, data locations, permissions, known risks and escalation paths. This is not only compliance — it makes the agent easier to test, maintain and extend.
From use case to decision in 90 days
A realistic start does not require a multi-month platform strategy, but a focused sequence. The roadmap below takes an agent from concept to a solid decision — without a large up-front investment.
First you pick three candidates and score them by value, effort, risk and data readiness. Then you clarify which systems are connected, which data is personal and which actions the agent may perform — the most important architecture decisions. Next comes a prototype with real test cases rather than a demo, then an assisting pilot where humans review outputs and mark errors. At the end you decide on data: scale, limit or stop. That way you learn early instead of building expensively in the wrong direction.
Next steps
Three questions clarify whether an agent is worth it for you:
- Process: Does it occur at least weekly, with recurring input data?
- Measurability: Can "good" be judged objectively — in time, quality or revenue?
- Control: Are the data sources accessible, and can a human approve critical steps?
If you answer several of these clearly with yes, a structured look is worthwhile. At hafencity.dev we usually start such initiatives with an AI strategy and a concrete agent pilot before it grows into an AI integration within business-critical workflows. If you want to know whether your process holds up, book a first conversation — or first take a look at our AI agents service.
