Problem
An agent fails, and the postmortem starts with an uncomfortable question: what exactly happened.
The answer rarely fits in a log of prompt and output. The failure can be in retrieval, permissions, tool selection, parameters, retry, hallucination, timeout, validation, or in an external action that seemed successful but wasn’t.
Without a method of investigation, each incident becomes archaeology.
Thesis
Agent Incident Response must become an operational discipline.
It’s not enough to have generic observability. Agents need their own failure taxonomy and a timeline that connects intent, context, decision, tool, and effect.
The goal is not to blame the model. It’s to find which layer failed and what control was missing.
Framework
An agent-related incident must be reconstructed in seven layers:
- Intent: what task the agent received.
- Context: what information it retrieved or failed to retrieve.
- Policy: what rules and permissions applied.
- Plan: what path it chose.
- Tools: what calls it made and with what arguments.
- Outcome: what change occurred in the external system.
- Verification: how the result was verified.
Mini-case: an agent sends an incorrect email to a client. The problem could be the prompt, outdated CRM, wrong template, lack of human approval, unvalidated tool, or absent verification. Without a timeline, the team discusses opinions. With a timeline, they fix the system.
Measurable signal: percentage of agent-related incidents with a root cause assigned to a specific layer.
Posture: don’t automate what you can’t investigate.
Why It Matters Now
OpenTelemetry already defines conventions for GenAI systems, including spans, events, exceptions, and metrics related to models, agents, and tools. OpenAI recommends safeguards by layer and output validation in agents. MCP documents threats like tool poisoning, confused deputy, and authorization risks.
The infrastructure exists to get started. What’s missing in many companies is the practice: runbooks, labels, owners, and feedback to evaluations.
Anti-Example
“The model made a mistake.”
It’s a lazy explanation. It might be true, but it’s not actionable. A serious incident must identify where the chain broke: context, instruction, tool, permission, verification, or supervision.
Protocol (3 steps)
- Create a failure taxonomy. Model, context, tool, permission, integration, criteria, supervision, verification.
- Demand a timeline. Each incident must have a sequence of events and tool calls.
- Turn causes into evals. Each significant failure must end up as a permanent test case.
| Layer | Question | Corrective Action |
|---|---|---|
| context | what did it know | improve retrieval |
| tool | what did it invoke | validate arguments |
| permission | what could it do | reduce scope |
| outcome | what changed | verify state |
| eval | would it pass again | create test |
Related
- AI Traces: the layer that turns agents into auditable systems
- Output Verification Layer: the invisible insurance of production agents
- Agent Reliability Score: how to know if an agent deserves autonomy
Sources Consulted
- OpenTelemetry: Semantic conventions for generative AI systems
- OpenAI: A practical guide to building agents
- MCP Security Best Practices
Next Step
Reopen the last AI failure you had. Don’t classify it as “hallucination” until you map intent, context, policy, tool, outcome, and verification.
Translated from the Spanish original with AI assistance and reviewed for accuracy. Read the original in Spanish.