TLDR (Quick-Answer Box)
Each major category breaks in a predictable, different place - agents at the connectivity layer, RAG on stale or unmaintained data, extraction on undocumented legacy systems, and copilots on unbounded user input without guardrails.
Before trusting any build, ask about API contract changes, data validation, model-failure fallback, audit trail ownership, and unbounded input handling. Those five questions predict production survival better than any model benchmark.
Summarize this post by:
Production-grade AI agents are an engineering problem, not a model problem.
Enterprises now run an average of 12 AI agents each, and adoption is expected to climb 67% within two years, according to Salesforce’s 2026 Connectivity Benchmark. Yet only 27% of the roughly 957 applications inside the average enterprise are connected to one another, and more than a quarter of APIs remain ungoverned.
Gartner forecasts that agentic AI will be present in a third of enterprise software by 2028, up from under 1% in 2024.
That gap between rising agent adoption and flat integration quality is where most LLM applications die.
This article covers what “LLM application” means once you get past the chat window, and where each major category breaks in production. It also covers a short list of questions worth asking before you trust any build, whether it’s yours or a vendor’s.
LLM applications are distributed systems
An LLM application only looks simple from the outside. Underneath, it’s a distributed system with a probabilistic component bolted onto deterministic infrastructure, and distributed systems fail at their interfaces, not at their core logic.
Agents fail mostly at underspecified APIs, ambiguous data, and missing guardrails, not at the model layer.
The three failure surfaces
Treat an agent as a system built on three engineering disciplines, and most of the failure modes people blame on “the AI” turn out to be ordinary gaps in one of them.
| Failure surface | What breaks |
| API quality | Underspecified contracts, silent schema changes, no fallback when an upstream endpoint misbehaves |
| Data quality | Ambiguous, malformed, or unvalidated input reaching the model before it ever generates a response |
| Execution quality | No guardrail catches a confident, well-formatted, wrong output before it reaches a user |
The model isn’t the bottleneck
The industry has spent a lot of energy arguing about labels. Is it an LLM app, an AI agent, or an AI copilot? The distinction matters less than whether the system around the model was actually engineered.
A recent paper on LLM application architecture makes a related point from the software engineering side. It proposes a three-layer architecture that separates an application’s logic, its communication protocols, and its hardware execution. Most LLM apps today look like tightly coupled, platform-specific software from a decade ago.
Separately, MIT, Caltech, and Asari AI researchers behind the ENCOMPASS framework showed that splitting an agent’s workflow logic from its inference strategy measurably improved scalability on a real migration benchmark. That’s concrete evidence that the “treat it as a systems problem” framing isn’t just rhetorical.
What this looks like in practice
None of this is abstract. Developers building past a basic chat demo consistently run into the same wall. The model call is the easy part.
Building a job queue with prioritization, standardizing prompt chains, passing results through multiple layers, and managing configuration is what actually takes the time. Shipping anything beyond a simple chat experience is often a huge undertaking for one person. LLMs don’t get rid of the classic engineering problems. They just add a probabilistic layer on top of them.
The practical upshot is that “which model should we use” is rarely the question that determines whether a project ships. The more useful questions are about the system wrapped around the model:
- What happens when an upstream API changes its schema without warning?
- What happens when the input data doesn’t match what the pipeline expects?
- What happens when the model produces a confident, well-formatted, wrong answer?
Agents, RAG, document extraction, and copilots are all variations on those three questions.
Agents break at the connectivity layer

This category - agents that plan, call tools, and execute multi-step workflows without a human approving every step - is the fastest-adopted one in the enterprise today. They’re also the most exposed to the API-quality failure mode specifically.
This is a different category from a single-turn assistant that answers a question and stops. An agent has to decide which tool to call, pass the right parameters, interpret the result, and decide what to do next, often several times in a row before a task is complete.
The connectivity paradox, in numbers
Here are the gaps between agent adoption and agent integration:
| Metric | Value |
| Organizations reporting widespread AI agent adoption | 83% |
| IT leaders who believe integration challenges may outweigh the value agents deliver | 86% |
| IT projects were delayed last year by API sprawl or shadow AI | 26% |
Deploying a twelfth agent doesn’t help if none of the other eleven can discover, govern, or coordinate with it through a well-defined interface. Agent count keeps climbing while the connective tissue between agents doesn’t.
More agents aren’t the fix
Agent quantity and productivity gain are not on the same curve. An enterprise can double its agent count and see integration debt grow faster than any measurable output. Each new agent is another set of API calls that have to be authenticated, versioned, monitored, and kept working when an upstream system changes without notice.
Quality of orchestration, not headcount of agents, is what the data rewards. Emerging standards like the Model Context Protocol are an attempt to solve exactly this. They offer a consistent way for an LLM to discover and call the tools and data sources it needs, one that works the same way across different agent frameworks instead of being rebuilt by hand for every one.
A protocol layer is the thing being standardized, not a better reasoning technique, which says a lot about where the actual bottleneck sits. The model was never the constraint here. The interface between the model and everything it needs to touch was.
RAG fails on data, not relevance

Retrieval-augmented generation reduces hallucination risk only as far as the underlying data pipeline is trustworthy. RAG doesn’t fix bad data. It just makes bad data sound more confident.
How RAG works
Mechanically, a RAG system retrieves relevant documents from a knowledge base at query time, usually through a vector search over embeddings. It then uses what it retrieves as grounding context for the model’s answer. That’s the entire mechanism.
Where retrieval breaks
The failure modes are almost entirely on the retrieval side, not the model side:
- Pulling the wrong document for the query
- Surfacing conflicting sources that the model then has to arbitrate between
- Working from stale embeddings that no longer reflect the current state of the knowledge base
- Chunking too aggressively, which loses context, or too loosely, which dilutes relevance and floods the model with tangentially related text
The maintenance discipline that matters
Neither problem is a modeling issue. Both are operational decisions about how the knowledge base is built and maintained, made well before a single query ever reaches the model.
Vector database choice gets a disproportionate amount of attention relative to the harder, less glamorous work: keeping the source data current, versioned, and monitored for retrieval accuracy over time.
A knowledge base that was accurate at launch and never revisited degrades quietly, and nothing about the model changes when that happens. That maintenance discipline, not which embedding model a team started with, is what determines whether a RAG application is still trustworthy six months after launch.
Extraction depends on the source system

This category covers pulling structured data out of contracts, invoices, claims, medical records, and other unstructured or semi-structured sources. An AI invoice extraction platform pulling line items from supplier documents across multiple formats is a common example. The goal is to turn that data into something a downstream system can use. The most underestimated cost here is the state of the systems the application has to read from, not the extraction model itself.
Why legacy systems are the real cost
A legacy platform with an undocumented schema and no API layer will blow through a project timeline long before the model ever gets involved. Someone first has to reverse-engineer how the data is structured before an LLM can extract anything reliable from it.
Demand for the discipline underneath this work, data engineering, is growing 15.12% annually through 2031, according to Mordor Intelligence. More pipelines and more spend only compound the exposure if provider or team selection doesn’t account for how the source systems behave.
Exceptions are the norm, not the edge case
Production extraction pipelines run into the same handful of exceptions constantly:
- Format drift as source documents change layout over time
- Non-standard annotations that don’t match the expected schema
- Handwritten notes embedded in otherwise structured documents
A system that can’t reason through an exception just accumulates a backlog silently until someone notices, often only after a downstream process has already acted on bad data.
Compliance is a day-one design input
In regulated environments, that’s not a minor inconvenience. Healthcare, financial services, and critical infrastructure work all carry compliance obligations like GDPR, HIPAA, and ISO 13485. Those obligations require audit trails, access controls, and redaction to be designed into the pipeline from the start.
Retrofitting compliance after the fact, once an extraction pipeline is already in production, tends to cost far more than building it in as a day-one design input.
Copilots need guardrails, not just answers

Customer support and internal copilot applications face a problem traditional software never had to solve. Users can type anything, and the system has to respond sensibly every time.
That’s an execution-quality and guardrail problem, not a capability gap, and it’s easy to underestimate until it shows up in production traffic.
Why bounded input doesn’t apply here
Traditional applications bound the possible user actions by design: a dropdown menu, a form with defined fields, a fixed set of buttons. That’s exactly why they’re easier to predict and test.
A natural-language interface removes that boundary entirely, and the user action space becomes effectively infinite. That shifts the burden onto the team building the guardrails around the model rather than onto the model itself.
The guardrail patterns that work
The patterns that help are consistent across teams that have shipped this successfully:
- Constrained action spaces that limit what the system is allowed to do, regardless of what it’s asked to do
- Human-in-the-loop checkpoints for any decision with real consequences
- Audit trails for what the system did and why, so a bad outcome can be traced back to a specific decision point rather than shrugged off as “the model was wrong”
The human-in-the-loop consensus
Across independent practitioner discussions about building these systems, human-in-the-loop keeps coming up as the one mitigation almost everyone converges on. It’s not an admission of failure but a deliberate design choice about where the model steers and where a person decides.
When practitioners with no product to sell and no vendor angle to protect independently land on the same answer, it’s a reasonably strong signal about what actually works, not just what sounds responsible in a slide deck.
The same governance gap breaks both. Ungoverned APIs and unmanaged integrations are what break multi-agent orchestration, and they also break copilots that need to reach several backend systems reliably. Nobody defined the interface contract clearly enough for the system to fail safely when something upstream doesn’t behave as expected.
Five questions before you trust the build
Model choice and demo polish reveal almost nothing about whether an LLM application will survive production. These five questions do, and they work equally well as an internal design checklist or as a vendor evaluation framework.
- What happens when the API contract on the other end changes without notice? This tests API-quality discipline directly. A team that has shipped production systems will name a specific mechanism, like versioning or schema validation. A team that hasn’t will describe a plan instead.
- How is data validated before it reaches the model, and what happens when it’s malformed? This tests data-quality discipline. If the answer is “the model handles it,” that’s a warning sign, not a feature.
- What’s the fallback when the model is confidently wrong? This tests guardrail and execution-quality discipline. Every production system eventually gets a wrong answer delivered with total confidence; the question is what catches it.
- Who reviews and owns the audit trail for what the system did? This tests governance, not capability. If nobody can name an owner, nobody is accountable when something goes wrong.
- What’s the plan for the input space you haven’t seen yet? This tests whether the system was designed for the unbounded nature of user input, rather than the happy path a demo shows. Demos are curated. Production traffic isn’t.
Ask these in an internal build review or a vendor RFP before a single line of prompt engineering happens. The answers matter more than any benchmark score because benchmarks measure the model. These questions measure everything the model depends on.
Your team should be able to answer these five questions with confidence. If it can’t, Eastgate’s AI and intelligent automation practice builds and hardens LLM applications, agents, and RAG systems to the same production-reliability standard as any other mission-critical system, not as a side project bolted onto a demo.
Final thoughts
Every category covered here - agents, RAG, document extraction, copilots - fails at a predictable interface, not at the model.
Data quality, API quality, and execution quality are the three engineering disciplines that decide whether any of it ships, and none of them show up on a model comparison chart.
That’s easy to say and harder to internalize, because the model is the part everyone can see and talk about. It’s the demo, the benchmark score, the thing that gets a press release.
The interfaces around it are invisible right up until one of them fails in front of a customer.
The teams and vendors worth trusting with this work aren’t the ones with the best model access. Everyone has that now, and the gap between frontier models keeps shrinking. They’re the ones who can answer the five questions above without flinching. They’ve already been burned by the answers once, and they built the fix into how they work.
Ready to Build Your Next Product?
Start with a 30-min discovery call. We'll map your technical landscape and recommend an engineering approach.
Contact usGet Industrial Insights Delivered to Your Inbox
By clicking "Subscribe" you agree to allow Eastgate Software to send newsletter emails to your address. For more information, please read our Privacy Policy.
About The Author
CEO & Founder, Eastgate Software
Ha Bui is the CEO and Founder of Eastgate Software. Since 2014, he has led the company's 12+ year engineering partnerships with Siemens Mobility and Yunex Traffic, building a 200+ engineer organization that delivers mission-critical ITS, FinTech, and enterprise software to German engineering standards.

