Article imageLogo
Chatbots Behaving Badly™

Handing the Keys to a Stochastic Parrot

By Markus Brinsa  |  September 17, 2025

Sources

Executives keep telling me they “need AI agents.” Pressed for details, they describe a chatbot that sounds vaguely like an over-caffeinated Google search with a corporate badge. Meanwhile, vendors are “agent-washing” everything from macros to help-desk scripts, boards are asking where the agents are, and the hype train is running on schedule. Let’s slow it down before someone hands the keys to a bot that can move money, fire people, or rewrite policy—and then acts surprised when it does exactly that.

First, the vocabulary you actually need

An AI agent is a software system that pursues a goal, plans actions, uses tools and data, and executes steps toward that goal. Think: “file the expense report,” “triage this ticket,” “prepare a first-pass variance analysis.” It can chain tasks, call APIs, and produce results without you spoon-feeding every move. 

Agentic AI is the broader paradigm for building networks of such agents that plan, reason, coordinate, remember, and act within constraints. It’s not just a smarter assistant; it’s an operating model shift where software takes initiative across systems. Microsoft, Anthropic and others are pushing open standards like the Model Context Protocol (MCP) so agents can talk to your apps—and to each other—without duct tape. That interop push matters far more than any glossy demo. 

If your mental model is “a better chatbot,” you’re underestimating both the upside and the blast radius.

The hype, by the numbers (and what those numbers actually mean)

Workday’s global survey of 2,950 decision-makers found that three-quarters of workers are happy to work with AI agents—but only 30% are comfortable being managed by one. Translation: people want automation, not robo-bosses. The same research says 82% of organizations plan to expand agent use, while optimism plunges in finance, legal and hiring—areas where a bad decision is expensive or unlawful. 

Gartner, never shy about a cold shower, forecasts that over 40% of agentic AI projects will be canceled by 2027—costs balloon, business value is fuzzy, risk controls are thin, and “agent-washing” is everywhere. If you’re buying “agents” that are just yesterday’s assistants in a trench coat, you’ll join that statistic. 

Meanwhile, adoption is racing ahead. Stanford’s 2025 AI Index reports 78% of organizations used AI in 2024 (up from 55% the year before). That’s momentum—but not proof your company should hand an agent root access to the general ledger. 

Where agents actually work today

In production, agents earn their keep where the terrain is structured, observable, reversible, and auditable. IT operations agents that resolve known issues and open human-reviewed change requests. HR/people-ops agents that propose schedules or first-pass job descriptions. Finance helpers that prepare reconciliations, flag anomalies, or draft narrative MD&A for a controller’s red pen. The common thread: reliable data sources, well-defined playbooks, and a human-in-the-loop before anything irreversible happens. Microsoft’s own agent push emphasizes these bounded, tool-using workflows—precisely because that’s where current tech is dependable. 

Where agents don’t belong (yet)

Let an unsupervised agent touch high-stakes decisions—credit adjudication, terminations, compliance attestations—and you’ll learn new legal vocabulary in a hurry. Open-ended customer conversations, ambiguous policies, or workflows stitched across brittle legacy systems are also asking for it. Even vendors admit the hard problems are memory, multi-agent coordination, and standards-based integration—hence the scramble around MCP and similar protocols. Until that stack matures inside your environment, keep the agent’s circle of competence small. 

Case files: when implementations bite back

New York City’s “MyCity” chatbot confidently told businesses they could do illegal things—like skim tips or discriminate on housing—while remaining live even after the city admitted the answers were wrong. That’s not cybercrime; that’s a self-inflicted governance failure and a preview of regulatory risk when you outsource policy to a stochastic parrot. 

Air Canada tried to disown its own chatbot after it misled a grieving passenger about bereavement fares. A tribunal said, nice try—you’re liable. The immediate cost was small; the precedent and brand damage weren’t. An agent that “goes off-script” doesn’t absolve you; it is you, in the eyes of customers and courts. 

You can also file the parade of corporate chatbots gone feral—DPD’s swearing bot is the comic relief—but the lesson is serious: once it’s public-facing and unsupervised, you’re one prompt away from reputational harm. 

If you’re looking for documented cases of an otherwise healthy company destroyed solely by its own AI deployment, there’s little credible evidence as of today. What we do have are expensive recalls, lawsuits, compliance probes, and trust deficits that put leadership careers—and quarterly guidance—on the line. That’s enough.

How to build agentic systems that are boring, safe, and profitable

Start with value-contained workflows where failure is cheap and rollback is instant. Instrument everything: every tool call, every data pull, every decision proposal. Make the agent propose actions and generate an audit trail a human can accept or reject. Use standard connectors and contexts (like MCP) so the agent knows what data it may touch and why; treat that contract as a firewall, not a suggestion. And beware “agent-washing”: if a vendor can’t show you plans, tools, memory, guardrails, and measured outcomes in a sandbox tied to your data, you’re buying a demo, not a system. 

The CFO/CEO sanity test, in plain language

Before you greenlight anything called an agent, demand a one-page brief that answers three questions: what narrow business goal does it pursue; which systems and datasets—by name—will it read and write; and what’s the hard stop that prevents irreversible harm. If your team can’t give you that in normal English, the project isn’t “innovative”; it’s unfalsifiable. Workday’s own research hints at the social contract your people will accept: agents as copilots and teammates, not bosses. Build there first. 

The punch line

Agents won’t save a bad strategy, and “agentic AI” won’t rescue a weak operating model. Get the plumbing right, pick boring problems, measure real outcomes, and keep a human hand on the lever. Do that, and you’ll get the only kind of AI transformation that matters: the kind that doesn’t make headlines.

About the Author

Markus Brinsa is the Founder and CEO of SEIKOURI Inc., an international strategy consulting firm specializing in early-stage innovation discovery and AI Matchmaking. He is also the creator of Chatbots Behaving Badly, a platform and podcast that investigates the real-world failures, risks, and ethical challenges of artificial intelligence. With over 15 years of experience bridging technology, business strategy, and market expansion in the U.S. and Europe, Markus works with executives, investors, and developers to turn AI’s potential into sustainable, real-world impact.

©2025 Copyright by Markus Brinsa | Chatbots Behaving Badly™