How AI Agents Actually Work
Ask a normal chatbot to book you a table, and it will cheerfully tell you how to book a table. Ask an agent, and it will actually go and try to book the table: check the calendar, look up the restaurant, see it’s full, pick another night, and come back with a confirmation. Same underlying model. Completely different behaviour. One talks. The other acts, looks at what happened, and keeps going.
That gap is the most important idea in AI right now, and underneath all the noise it is shockingly simple. An agent is a language model wrapped in a loop. That’s the secret. Not a new kind of brain, a new kind of plumbing around the same brain, one that lets it take a step, see the result, and decide the next step, again and again, until the work is done.
I want to take you through that loop honestly: what it is, where it came from (a single 2022 paper that quietly started all of this), how modern agents changed it, and the part nobody warns you about, which is that the hard problem was never making an agent smart. It was making it stop. I’ve built a few of these, and that last part is where the real scars are.
The difference in one picture
A chatbot
Takes your message, produces one answer, and is finished. It cannot check whether the answer was right. It cannot do anything about it if it wasn't.
An agent
Takes a goal, then works toward it in steps. Each step it can reach into the real world, see what came back, and adjust. It runs until the goal is met, not until it has said one thing.
The loop itself: Think, Act, Observe
Here is the engine. Strip an agent down to nothing and this is what’s left, three moves in a circle:
- Think. The model reasons about the goal and the situation right now. What’s the next best move?
- Act. It does one concrete thing in the world: calls a tool, runs code, queries a database, searches the web.
- Observe. It reads what came back, the result, the error, the data, and feeds that into the next Think.
Then it loops. The observation from this turn becomes part of the thinking for the next turn. That feedback, the fact that the agent sees the consequences of its own action before choosing again, is the entire source of an agent’s power.
Where this came from: a paper called ReAct
This wasn’t obvious. For a while, the clever trick was “chain of thought”, letting a model reason step by step out loud before answering. It helped, but it had a rotten failure: the model was reasoning in a sealed room. If it thought something false, it had no way to check, and the mistake carried through to the end. Confident, well-reasoned, wrong.
In October 2022, a group of researchers (Shunyu Yao and colleagues, out of Princeton and Google) published a paper called ReAct: Synergizing Reasoning and Acting in Language Models. The idea in the title is the whole thing: don’t make the model only reason, and don’t make it only act. Interleave them. Let it write a thought, take an action based on that thought, observe the real result, and use that to correct its next thought.
That one move fixed the sealed-room problem. Now when the model reasoned toward something false, its very next action bumped into reality, a real Wikipedia lookup, a real tool result, and reality corrected it. Reasoning kept the actions purposeful; actions kept the reasoning honest. A ReAct trajectory reads almost like a person thinking out loud while working:
And it worked, measurably. On interactive benchmarks, ReAct beat the previous best approaches by a wide margin, 34% better on a household-tasks benchmark called ALFWorld, 10% better on a web-shopping one called WebShop, using just one or two examples. On top of that, its step-by-step trajectories were far easier for a human to read and trust than a black-box answer. That combination, better results and more interpretable, is why this paper is widely treated as the seed of the whole agent era.
An agent is four things bolted together
The loop is the runtime, but what’s actually running inside it? A clean way to hold it, one that senior engineers use as a mental checklist:
If you’ve read my earlier posts, this is the moment they all click into one picture. MCP is how the Act step reaches real tools. Skills are packaged know-how the agent can pull in when a task matches. Modes (like Roo’s Architect/Code/Debug) shape how the Think step behaves. Embeddings power the Memory, recalling what’s relevant to now. None of those were separate topics. They were all pieces of this one loop, and now you can see where each one plugs in.
The developer’s version: same task, three ways
If you write code, here’s the comparison that makes it click for good. Forget booking tables. Take a real, ordinary developer moment: your test suite just went red, and you want it green again. Watch the same goal handled three ways, because the jump from the middle column to the right one is exactly what an agent is.
The trap is thinking an agent is just “a smarter script.” It isn’t. A script is a fixed decision tree you wrote at design time, so it can only ever do what you anticipated. An agent decides at runtime, looking at the real situation, so it can handle the failure you never saw coming. That flexibility is the gift and, as we’re about to see, the danger.
| | Normal use | Automation / script | Agent |
|---|---|---|---|
| Who decides the steps | You, live | You, ahead of time | The model, at runtime |
| Handles the unexpected | Yes (you adapt) | No (only what you coded) | Yes (it reasons about it) |
| Speed / repeatability | Slow, manual | Fast, exact | Fast-ish, variable |
| Predictable | Fully | Fully | Mostly, needs guardrails |
| Best for | One-off, judgment calls | Known, stable, repeated tasks | Fuzzy, multi-step, changing tasks |
How modern agents quietly changed the format
Here’s a nuance worth knowing, because people conflate two things. The original ReAct had the model literally write out “Thought:”, “Action:”, “Observation:” as text, and the surrounding code parsed that text to figure out what to do. It worked, but parsing free-form text is fragile.
Modern models learned to do the Act step natively, through tool calling (also called function calling). Instead of writing “Action: search(…)” as prose to be parsed, the model emits a clean, structured request for a specific tool with typed arguments, and the runtime executes it directly. Same loop, sturdier joints. So today you’ll meet two flavours, and both are the agent loop underneath:
| | Classic ReAct (text) | Native tool-calling |
|---|---|---|
| How it acts | Writes "Action: ..." as text, code parses it | Emits a structured tool request directly |
| Reasoning | Fully visible in the trace | Often more implicit, less to read |
| Sturdiness | Fragile, parsing can break | Robust, no parsing guesswork |
| Best when | You need transparency, or the model has no tool-calling | Speed and reliability at scale |
| Still the loop? | Yes | Yes, exactly the same Think→Act→Observe |
So, to answer the question directly: ReAct and “the agent loop” are not the same thing. The agent loop is the general Think→Act→Observe cycle. ReAct is the specific, historic technique that made that loop practical for language models by interleaving written reasoning with actions. Every ReAct agent is running the loop; not every agent loop is literally ReAct.
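The two formats from the table above, side by side, as an added example that is not from the original post: a regex parser for the classic "Action: ..." text and a validator for a structured tool request. The tool registry, argument schema and sample model outputs are constructed for illustration.

```python
import json
import re

# Hypothetical tool registry: tool name -> {argument name: required type}.
TOOLS = {"search": {"query": str}, "read_file": {"path": str, "max_bytes": int}}

# Classic ReAct: the runtime recovers the action from free-form model text.
ACTION_RE = re.compile(r"^Action:\s*(\w+)\((.*)\)\s*$", re.MULTILINE)

def parse_text_action(model_output):
    """Return (tool, raw_args), or None when the text drifts from the pattern."""
    m = ACTION_RE.search(model_output)
    return (m.group(1), m.group(2)) if m else None

def validate_tool_call(raw_json):
    """Native style: accept only a known tool with exactly its typed arguments."""
    try:
        call = json.loads(raw_json)
    except json.JSONDecodeError:
        return None, "not valid JSON"
    if not isinstance(call, dict):
        return None, "not an object"
    name, args = call.get("name"), call.get("arguments")
    if not isinstance(name, str) or name not in TOOLS:
        return None, "unknown tool"
    spec = TOOLS[name]
    if not isinstance(args, dict) or set(args) != set(spec):
        return None, "wrong argument set"
    for key, typ in spec.items():
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(args[key], bool) or not isinstance(args[key], typ):
            return None, f"bad type for {key}"
    return (name, args), "ok"

# Constructed model outputs: one well-formed, one drifted, one ambiguous.
TEXT_OK = 'Thought: I need the docs.\nAction: search("agent loop")'
TEXT_DRIFT = "Thought: I need the docs.\nAction - search: agent loop"
TEXT_AMBIGUOUS = "Action: search(a) and then read_file(b)"

if __name__ == "__main__":
    for text in (TEXT_OK, TEXT_DRIFT, TEXT_AMBIGUOUS):
        print(parse_text_action(text))
    print(validate_tool_call(
        '{"name": "read_file", "arguments": {"path": "notes.txt", "max_bytes": "4096"}}'))
```

The ambiguous line is the worse failure of the two: the text parser does not reject it, it returns a `search` call with mangled arguments, while the structured validator refuses anything that is not a known tool with the right argument types.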
The part nobody warns you about: making it stop
Now the honest part. Building an agent that can act is the easy half. Building one that reliably stops is the half that keeps you up at night, and it’s where most demos quietly fall apart in production.
Think back to that dashed “am I done?” exit on the loop diagram. An agent decides for itself whether to keep going. That’s the whole point of autonomy, and it’s also the whole danger. What happens when it’s wrong about being done?
The failure modes are famous enough that they have names now. The big ones:
- The infinite loop. No stopping condition, so it never ends. The most common production failure, full stop.
- The retry spiral. A tool returns nothing useful, the model assumes it just phrased it wrong, and retries the same doomed action forever.
- Cost blowup. Every iteration is a paid model call plus paid tool calls. Uncapped loops turn a bug into a bill.
- Wrong-tool drift. Vague tool descriptions lead the agent to keep reaching for the wrong tool, never making progress.
The fix is not “make the model smarter.” A smarter model can rationalize continuing just as easily. The fix is guardrails that don’t depend on the agent’s own judgment, an escape hatch it can’t argue its way out of:
This is exactly the design principle behind the safer-agent work I’ve been building. When an agent can spend money or take irreversible actions, the sane default is deny-by-default with a human checkpoint, and a budget it physically cannot exceed. Autonomy is wonderful right up to the moment it isn’t, and the guardrails are what let you sleep while it runs.
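One way to wire those guardrails around the Think, Act, Observe loop, as an added example that is not the author's own code: a step cap, a spend budget, a repeated-action check, and a deny-by-default tool table with a human approval gate, all enforced by the runtime rather than the model. The function names, limits, costs and stub "models" are assumptions constructed for the demo.

```python
class GuardrailStop(Exception):
    """Raised by the runtime, never by the model, to end the run."""

def run_agent(decide, tools, approve, max_steps=8, budget_cents=50,
              model_cents=1, max_repeats=2):
    """Think/Act/Observe loop whose limits live outside the model.

    decide(history) -> ("finish", answer) or (tool_name, args); stands in for the LLM.
    tools: {name: (func, cost_cents, needs_approval)}; any other name is denied.
    approve(name, args) -> bool is the human checkpoint.
    """
    history, spent, seen = [], 0, {}
    for step in range(max_steps):                       # infinite loop: hard step cap
        if spent + model_cents > budget_cents:          # cost blowup: model calls count
            raise GuardrailStop("budget exhausted")
        spent += model_cents
        name, args = decide(history)                    # Think
        if name == "finish":                            # the model's own exit
            return {"answer": args, "steps": step, "spent": spent}
        if name not in tools:                           # deny by default
            history.append((name, args, "DENIED: tool not allowed"))
            continue
        func, cost, needs_approval = tools[name]
        key = (name, repr(sorted(args.items())))
        seen[key] = seen.get(key, 0) + 1
        if seen[key] > max_repeats:                     # retry spiral
            raise GuardrailStop(f"repeated action: {name}")
        if spent + cost > budget_cents:                 # cost blowup: tool calls count
            raise GuardrailStop("budget exhausted")
        if needs_approval and not approve(name, args):  # irreversible action gate
            history.append((name, args, "DENIED: not approved"))
            continue
        spent += cost
        history.append((name, args, func(**args)))      # Act, then Observe
    raise GuardrailStop("step limit reached")

# Constructed tools and stub "models" for the demo; none of this calls a real LLM.
TOOLS = {"search": (lambda query: "no results", 2, False),
         "pay": (lambda amount: f"paid {amount}", 0, True)}

def stuck_model(history):          # always retries the same doomed search
    return ("search", {"query": "table for two"})

def spender_model(history):        # asks to pay once, then finishes with what it saw
    return ("pay", {"amount": 40}) if not history else ("finish", history[-1][2])

def stop_reason(model, **limits):
    try:
        return run_agent(model, TOOLS, approve=lambda n, a: False, **limits)
    except GuardrailStop as stop:
        return str(stop)
```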
The whole thing, in one breath
An agent is a language model in a loop. It thinks about the goal, acts on the world, observes what happened, and repeats, until it decides it’s done. That loop was made practical by ReAct in 2022, which interleaved reasoning with real actions so the model’s mistakes could be corrected by reality instead of compounding in a vacuum. Modern agents run the same loop with sturdier, native tool-calling. And the four pieces, LLM, tools, memory, planning, are what turn inside it.
The magic, when you finally see it, isn’t magic at all. It’s a very smart thing that learned to check its work by doing, one honest step at a time. And the craft of building one well is mostly the unglamorous discipline of knowing when to make it stop.