Custom AI Agent Development (With Guardrails)

AI agents that choose the right tool for the job

An AI agent is software that uses a language model to carry out a multi-step task: not just answer a question, but take a goal, work through the steps, use your tools and data along the way, and get something done. Where an AI feature drafts a reply or pulls a figure from a document, an agent handles the whole job: read the enquiry, check the records, draft the response, and route it for approval.

Agents are the part of AI with the most hype and the most ways to go wrong. Left to their own devices they loop, they invent steps, and they optimise for the letter of the instruction rather than the point of it. We build the version that works in production: narrow, scoped to a real job, wrapped in an orchestration layer that controls what it is allowed to do, with a person in the loop wherever a mistake would cost something. An agent is a capable assistant on a short leash, not an autonomous employee.

What an agent can take on

The agents that earn their keep are the ones pointed at a specific, repeatable job. These are the shapes that work.

Triage and routing

Read incoming enquiries, tickets, or documents, work out what each one is and where it goes, and route it, flagging the ones that need a human.

Reconcile and check

Compare records across systems (invoices against orders, figures against a source of truth) and surface the mismatches for someone to approve.

Research and summarise

Gather information from your systems and the web, pull it together, and produce a briefed summary with its sources.

Draft and act, with approval

Prepare the reply, the order, or the update, and carry it out once a person has signed it off.

Built with guardrails, not hope

The difference between an agent that helps and one that causes an expensive mess is the engineering around the model, not the model itself. We do not let the AI decide what it is allowed to do. An explicit orchestration layer constrains every action, hard limits stop it running away, and a separate check verifies the output before anything happens for real.

An orchestration layer. A defined workflow of the steps the agent may take, not a free-for-all where the model improvises.
Hard limits on steps and time. So it cannot loop forever, wander off task, or quietly run up a bill.
A verifier. A separate check of the agent's work against rules it cannot talk its way around.
A person in the loop. For anything that spends money, sends a message, or changes a record that matters.

A capable assistant on a short leash. The agent does the legwork; the orchestration around it decides what it is allowed to do, and a person approves what counts.

Connected to your systems

An agent is only useful if it can reach your data and your tools. We connect agents to your systems through the Model Context Protocol, the emerging standard for exactly this, so the agent works with your real records and existing software rather than a stale copy. The connection is scoped and permissioned: the agent sees and does only what you allow it to.

How it runs

We are ruthless about scope, because a narrow agent that does one job reliably beats a broad one that does many jobs badly.

1

Pick the job

One real, repetitive, multi-step task where an agent would genuinely help and a mistake is recoverable.

2

Map the steps and the limits

What the agent may do, what it must never do alone, and where a person signs off. The guardrails are designed before the agent is.

3

Build and connect

The agent, its orchestration layer, and the permissioned connections to your systems, tested against real cases.

4

Watch it work

We measure how often it is right, how often it escalates, and what it costs, and tighten it. Agents are supervised, not set loose.

Who it is for

An agent is the right tool when the work is multi-step, repeatable, and safe to supervise.

A multi-step task eats your team's time. It follows a pattern an agent could learn and repeat.
The work spans several systems. Stitching them together by hand is the slow, dull part of the job.
You want AI that does the legwork. Not one that only suggests and leaves the doing to you.
You want it scoped and supervised. Safe and accountable, not a black box making decisions on its own.
It is high-stakes with no room for error. If a wrong step is catastrophic and no human can be in the loop, an agent is the wrong tool, and we will say so.

Where it fits

An agent is the step up from an AI feature: a feature answers or drafts, an agent carries out the whole task. Where automation handles the rules-based work, an agent handles the judgement-light work that rules alone cannot, so it sits close to business automation. If the data is sensitive, the agent can run on private, self-hosted AI so nothing leaves your infrastructure.

Talk to us about an agent

Tell us the multi-step job that is eating your team's time. We will give you an honest read on whether an agent would help and how to keep it safe. The first conversation is free, takes about thirty minutes, and comes with no obligation. Read more about what working with us looks like, or get in touch directly.

Book a call →
Graphic Swish