The most important change in artificial intelligence is not that models can write better paragraphs, summarize longer documents, or answer more questions. Those things matter, but they are no longer the frontier. The frontier is that AI systems are beginning to coordinate work. They can plan a sequence of steps, call software tools, move through digital interfaces, maintain state over time, and in some cases collaborate with other AI agents inside a managed workflow. The shift is subtle at first, because the user may still see a chat box. Underneath that surface, however, the architecture is changing from conversation to execution.
This is why agentic AI deserves more serious attention than another annual trends list. A chatbot helps a person think through a task. An agentic workflow can help an institution perform a task. It can retrieve policy documents, compare procurement rules, draft a memo, update a database, notify a colleague, request approval, and continue the process after a human decision. LangGraph describes this emerging layer as infrastructure for “long-running, stateful agents” with durable execution, memory, human-in-the-loop review, and observability built into the workflow.1 Microsoft’s AutoGen similarly frames the field around multi-agent applications, where agents can communicate, use tools, and coordinate to complete complex work.2
That distinction matters for CentPol’s audiences. For policy leaders, agentic AI raises questions about accountability, procurement, audit, and institutional readiness. For funders and partners, it changes what “AI capacity” means: not only training people to prompt a model, but helping institutions redesign workflows around human judgment and machine execution. For researchers, it opens a new agenda around evaluation, safety, public-sector adoption, and labor-market effects. For fellows and program participants, it signals a practical future in which the valuable worker is not merely an AI user, but a workflow designer, supervisor, and exception handler.
From chatbots to systems that act
The phrase “AI agent” is used loosely, but the institutional meaning is straightforward. An agentic system is an AI-enabled software system that can pursue a goal by choosing and sequencing actions in an environment. It may use a language model to reason, a set of tools or APIs to act, memory to retain context, and guardrails to limit what it can do. The result is not magic autonomy. It is bounded agency inside a designed operating environment.
OpenAI’s Operator, introduced as a computer-using agent, illustrates this direction by interacting with websites through a browser in order to complete tasks such as finding information or using online services.3 Anthropic’s computer-use capability for Claude similarly allows the model to perceive a screen, move a cursor, click buttons, and type text, while acknowledging that this capability creates new safety and reliability challenges.4 These releases are important not because every organization should immediately delegate work to browser-controlling agents, but because they show where the interface is going. AI is no longer confined to generating text in a separate window. It is being connected to the systems where work already happens.
The open-source ecosystem is moving in the same direction. LangGraph provides orchestration capabilities for agents that need persistence, memory, fault tolerance, streaming, and human intervention.1 AutoGen provides a framework for building systems in which multiple agents can converse and collaborate.2 CrewAI focuses on role-based agent teams and task execution across business workflows.5 OpenClaw presents itself as a local personal AI assistant that can connect to email, calendars, messaging, and other daily tools.6 Hermes Agent emphasizes persistent memory and automated skill creation.7 Some of these projects will mature; others may fade. The broader pattern is clear: developers are building an execution layer for AI.
| AI phase | Core interface | Institutional question | Main risk |
|---|---|---|---|
| Chat-based AI | A person asks; the model responds | How do we improve individual productivity? | Poor outputs, misuse, weak adoption |
| Tool-using AI | A model calls approved tools or APIs | Which tasks can be partially automated? | Data leakage, tool misuse, unreliable execution |
| Agentic workflows | Systems plan, act, pause, and escalate | How should work itself be redesigned? | Accountability gaps, hidden failure, automation without oversight |
| Multi-agent orchestration | Specialized agents coordinate across a process | How do we govern digital labor at institutional scale? | Complex failure chains, security exposure, unclear liability |
The table suggests why agentic AI should not be treated as a simple productivity upgrade. Once an AI system can act across tools, the implementation question becomes organizational. Who authorizes the workflow? What data can it access? Which actions require human approval? How are decisions logged? What happens when the system is uncertain? How does an institution know whether the agent is creating value or creating quiet risk?
Orchestration is the new capability layer
In most organizations, work is not a single task. It is a sequence of handoffs. A policy proposal moves from research to drafting, legal review, budget alignment, stakeholder consultation, revision, approval, publication, and implementation. A procurement process moves from needs assessment to market research, tender design, evaluation, contracting, performance management, and audit. A training program moves from recruitment to onboarding, instruction, mentoring, assessment, placement, and alumni engagement.
Agentic AI becomes powerful when it enters these sequences. The most valuable systems will not simply answer “what should we do?” They will help move work from one state to another, while leaving judgment, accountability, and political responsibility with people. This is why orchestration frameworks matter. They allow developers to design workflows where agents can run for longer periods, preserve context, recover from failure, involve humans at defined checkpoints, and produce traces that can be inspected.1
For institutions, the word “orchestration” should be taken literally. A good agentic workflow is not a swarm of uncontrolled bots. It is a score. Each agent or tool has a role, each handoff has conditions, and each escalation has a reason. The human role does not disappear. It changes from manual execution of every step to design, supervision, exception handling, and value judgment.
Microsoft’s WorkLab has described a future of “human-agent teams,” where employees manage constellations of agents and leaders consider the right human-agent ratio for different kinds of work.8 That language can sound futuristic, but the underlying logic is familiar. Organizations have always allocated work between people, processes, and tools. Agentic AI simply makes the tool layer more adaptive, communicative, and capable of taking intermediate actions.
The danger is that institutions will adopt agents in the same way many adopted earlier AI tools: as isolated pilots. A team builds a proof-of-concept. A senior leader sees an impressive demo. A few users experiment. Then the pilot stalls because it does not connect to procurement, data governance, legal review, cybersecurity, measurement, or workforce design. Agentic AI will punish that pattern more severely than chat-based AI. A chatbot pilot can remain marginal. An agentic workflow, if poorly governed, can touch core institutional processes before the institution is ready.
What agentic systems mean for work
The future of work debate has too often been framed as a contest between humans and machines. Agentic AI requires a more precise question: which parts of work should be automated, which should be augmented, which should be redesigned, and which should remain deliberately human?
Routine digital coordination is the first area likely to change. Many knowledge workers spend a large share of their time moving information between systems, preparing first drafts, checking status, scheduling meetings, formatting reports, searching for documents, and nudging processes forward. These activities are necessary, but they are not always where human judgment is most valuable. Properly designed agents can reduce the coordination tax that consumes institutional attention.
The second area is analytical preparation. Agents can gather documents, compare versions, summarize stakeholder positions, generate scenario briefs, and prepare decision options. This does not remove the need for expertise. In serious policy and strategy work, it may increase the need for expertise, because people will have to evaluate faster streams of machine-produced analysis and identify what the model missed. The skill premium shifts toward judgment, framing, verification, and synthesis.
The third area is service delivery. Public institutions, universities, research centers, development organizations, and civic programs all operate repetitive workflows with human consequences. Admissions, grants, fellowships, licensing, benefits navigation, compliance support, and program monitoring can be improved by well-governed automation. They can also be damaged by opaque systems that deny people recourse or embed bias into administrative pathways. The question is not whether agents can make service delivery more efficient. They can. The question is whether the institution has designed the safeguards that make efficiency legitimate.
The future of work will not be decided by AI capability alone. It will be decided by whether institutions can redesign work around human responsibility, machine assistance, and accountable delivery.
This is especially important for countries and institutions that cannot afford wasteful experimentation. Agentic workflows may help smaller teams deliver more sophisticated work. They may also widen gaps between organizations that can redesign around AI and those that only purchase tools. The central workforce issue is therefore not just automation anxiety. It is institutional adaptation.
The governance problem: action changes everything
Governance becomes more serious when AI systems can act. A model that gives bad advice creates one kind of risk. A model that can send emails, alter records, trigger transactions, scrape websites, or manipulate digital interfaces creates another. Anthropic’s announcement of computer use explicitly noted that giving models the ability to operate computers introduces distinct safety considerations, including the possibility of misuse and unexpected behavior.4
Traditional AI governance often focuses on model selection, data protection, bias, explainability, and acceptable use. Those remain necessary, but agentic systems add additional layers: tool permissions, action logs, escalation thresholds, identity management, runtime monitoring, incident response, and rollback. The governance object is no longer only a model. It is a workflow.
NIST’s AI Risk Management Framework is useful here because it treats AI risk management as a lifecycle practice built around governance, mapping, measurement, and management.9 For agentic AI, those functions need to be applied at the workflow level. Institutions should map where agents operate, what data they use, what actions they can take, who supervises them, how performance is measured, and how harms are reported and corrected.
| Governance question | Why it matters for agentic AI | Practical control |
|---|---|---|
| What can the agent access? | Agents can combine data across tools faster than people notice. | Role-based access, least privilege, data boundaries |
| What can the agent do without approval? | Low-risk drafting is different from sending, purchasing, changing records, or notifying citizens. | Tiered permissions and human approval gates |
| How is behavior recorded? | Without traceability, institutions cannot audit failure or improve performance. | Logs, traces, versioning, and evaluation records |
| What happens when it is uncertain? | Agents may continue confidently through ambiguous tasks. | Escalation rules, confidence thresholds, stop conditions |
| Who is accountable? | Responsibility cannot be delegated to software. | Named process owner, risk owner, and review body |
The procurement implications are equally important. Institutions should not buy “AI agents” as vague capability bundles. They should procure specific workflow outcomes, security guarantees, audit requirements, integration standards, and human oversight features. A vendor demo that shows an agent completing a task is not enough. Serious buyers should ask how the system fails, how it is monitored, how permissions are enforced, where data is stored, and how the institution can exit the tool without losing operational knowledge.
What serious institutions should do now
The most practical starting point is not to automate everything. It is to create a disciplined map of work. Institutions should identify high-volume, low-risk workflows where AI can reduce friction without making final decisions about rights, resources, or safety. They should distinguish between advisory tasks, drafting tasks, coordination tasks, and action-taking tasks. Each category requires a different control environment.
Second, institutions should build an agentic AI governance board or expand an existing AI governance function to cover workflow oversight. This should not be a symbolic committee. It should include policy, legal, cybersecurity, procurement, operations, data, and frontline users. Its role should be to approve use cases, define risk tiers, review incidents, and maintain standards for logging, evaluation, and human oversight.
Third, leaders should invest in workflow literacy. Many workers will not need to build agents from scratch, but they will need to understand how agentic workflows behave. They will need to know when to trust, when to verify, when to escalate, and how to describe a process clearly enough that it can be redesigned. The workforce skill is not only prompting. It is process thinking.
Fourth, institutions should measure value at the workflow level. If an agent saves time in drafting but creates more review burden, the value may be illusory. If it speeds up intake but increases error rates for vulnerable users, the public cost may exceed the administrative gain. Useful metrics include cycle time, error rate, escalation frequency, user satisfaction, staff burden, compliance quality, and decision transparency.
Finally, governments and funders should support public-interest experimentation. Agentic AI will likely be shaped by commercial platforms, but public institutions need shared knowledge, evaluation methods, model procurement guidance, and use-case libraries that reflect public values. The future should not be determined only by the fastest adopters or the most aggressive vendors.
The strategic choice ahead
Agentic AI is still early. Many systems are brittle. Some demonstrations are more impressive than their production performance. The language around “autonomous agents” is often inflated. Institutions should be skeptical of any claim that complex work can be safely delegated without redesigning governance and accountability.
But skepticism should not become inaction. The direction of travel is clear. AI systems are becoming more capable of operating across tools, remembering context, coordinating sub-tasks, and participating in workflows. The institutions that learn how to govern this shift will gain capacity. Those that treat it as another software feature may accumulate invisible risk.
The future of work will not arrive as a single disruption. It will arrive as thousands of redesigned workflows. A grant application reviewed faster. A policy memo assembled from better evidence. A procurement question escalated before it becomes a compliance problem. A fellow supported by a learning assistant that knows where they are struggling. A small team able to operate with the reach of a much larger one.
CentPol’s position should be clear: agentic AI is not mainly a technology story. It is an institutional design story. The task now is to help leaders build systems in which AI can coordinate work without displacing responsibility, amplify capacity without weakening trust, and make institutions more capable without making them less accountable.
