"We need an AI agent" is a sentence I hear constantly, and very often what the team actually needs is a chatbot or an assistant. These three categories of LLM-powered system get used interchangeably, but they sit at distinct points on a spectrum of autonomy, and confusing them leads to either overbuilding or under-protecting. Let's place them.

Chatbots: converse, don't act#

A chatbot is a general-purpose conversational system. It generates text in response to what you type, and that's the extent of it. The defining traits:

• It takes no actions. It produces words. Nothing happens in any other system as a result.
• It's stateless. By default it doesn't remember past interactions; each exchange stands alone.
• The workflow is manual. You copy the output and paste it wherever it needs to go. The human is the integration layer.

This sounds limited, but for an enormous range of uses, conversing and informing is exactly what's wanted. Drafting, explaining, brainstorming, answering questions, none of those require the system to do anything beyond talk.

Assistants: act, with approval#

An assistant moves one notch up the spectrum. It's domain-specific and embedded directly in a workflow rather than living in a separate chat window. The defining traits:

• It's reactive. It responds to what's happening in your workflow, suggesting next steps within established patterns.
• It requires approval for every action. Nothing executes until a human says yes. The assistant proposes; you confirm.
• It works within established patterns. It's not inventing new approaches; it's accelerating known ones.

Think of an assistant as a knowledgeable pair-programmer riding along in your tools. It can suggest the edit, draft the message, or prepare the change, but you remain the gate on every action it takes.

Agents: act, under delegated authority#

An agent sits at the autonomous end. Given a goal, it plans a multi-step solution, executes the steps independently, calls external systems and APIs, and makes implementation decisions on its own within boundaries you've delegated. The defining traits:

• It plans multi-step solutions rather than responding one turn at a time.
• It executes independently, without pausing for approval on every step.
• It integrates with external systems directly, calling APIs to get things done.
• It makes implementation decisions inside the authority you granted it.

An agent is genuinely powerful and genuinely riskier, precisely because it acts without a human confirming each move.

The differentiators that actually matter#

Strip away the labels and three properties separate these categories:

• Statefulness: does the system remember and build on prior context?
• System integration: does it reach into other systems, or just produce text?
• Degree of delegated authority: how much are you trusting it to do without asking first?

As you move from chatbot to assistant to agent, all three increase together.

More autonomy means more guardrails#

Here's the practical rule that should govern every one of these decisions: the more autonomy a system has, the more guardrails it needs. Autonomy and control move in opposite directions, and you have to add control deliberately to compensate.

A chatbot needs little protection because it can't do much harm; the worst case is bad text a human catches before acting on it. An agent, by contrast, needs serious investment in:

• Explicit boundaries on what it's permitted to touch and change.
• Guardrails that prevent it from taking dangerous or irreversible actions.
• Audit logging so every action it took is reconstructable after the fact.
• Human-in-the-loop checkpoints at the highest-stakes steps, even within an otherwise autonomous flow.

Skipping these for an agent is how you end up with a system that confidently does the wrong thing at scale.

Picking the right one#

The choice comes down to a simple question about how much the system needs to do:

• If you just need to converse or inform, build a chatbot. Don't add machinery you won't use.
• If you need domain expertise but a human should approve each action, build an assistant. The approval gate is the feature, not a limitation.
• If you need multi-step action under delegated authority, build an agent, and budget real effort for the guardrails that autonomy demands.

The mistake to avoid is reaching for "agent" because it sounds most impressive. The right answer is the least autonomous system that solves your problem, because every notch of autonomy you add is a notch of control you now have to engineer back in.