Today, most people meet agents through a familiar interface: a chat window. The interaction is direct and mostly one-to-one. A person asks, the system answers, and the conversation ends when the session ends.

That model will not hold for the work many organizations actually need agents to do. Not all agent collaborations require a human in the loop any more than every application requires a user watching it run. Some agent work will look like pipelines, batch jobs, and background services: quiet, continuous, and mostly invisible until something goes wrong or a decision needs a signature. In that world, humans do not "chat" with agents as much as they supervise them — approving exceptions, supplying missing context, or signing off on outcomes.

The more important problem, then, is not how to perfect the chat experience. It is how to enable broad agent-to-agent coordination while still offering human interaction at the right moments. Ambient agents have to discover other agents, negotiate responsibilities, exchange artifacts, and hand work off across long-running, stateful threads. They must be able to pause, resume, and explain themselves without assuming anyone is present, and they must do so in ways that remain governable and auditable.

The obstacle is that many teams are still building as if agents are chatbots with better prompts. In an enterprise setting, that assumption produces predictable failure modes: work that cannot reliably resume after interruption, actions that cannot be attributed to a stable identity, and systems that are difficult to govern, audit, and scale. As the industry starts to converge on standards like A2A and MCP, the idea of agents collaborating over explicit protocols — rather than ad hoc UI sessions — is gaining acceptance, because it matches the shape of the work organizations actually need.

This article lays out the architectural implications of the shift to ambient agents, and the foundation an Agentic Mesh must provide to make them safe and operational. Specifically, I examine four requirements that become non-negotiable as agents move into the background: they must be headless (unbound from a UX), distributed (able to coordinate across services), identity-bearing (so actions are controlled and attributable), and stateful (so collaboration is reliable over time).

The Chatbot Trap

Most enterprises are approaching agents with the wrong mental model. They are treating them as a new interface layer — chatbots with better reasoning — when the real destination is not a window on a screen. It is a fleet of long-running workers operating largely out of sight, coordinating with each other across systems, and producing outcomes with real operational and financial consequences.

The trap is subtle because chat is the easiest place to start. A session-bound, UX-tethered design assumes a user is present, context is ephemeral, and failures can be handled by "try again." But the work organizations want agents to do often looks less like a chat session and more like an application: event-driven, multi-step, multi-day, interruption-prone. Information arrives late, approvals happen asynchronously, dependencies fail, and handoffs are constant. When you build agents as conversations that end, you build systems that cannot reliably continue.

That mismatch produces predictable failure modes. Work gets duplicated or dropped because there is no durable state and no resumable thread. Actions cannot be confidently attributed because agents lack stable identity, least-privilege controls, and auditable authorization boundaries. Coordination degrades into brittle glue code because there is no shared conversation fabric for agents to discover one another, route tasks, exchange artifacts, and record receipts. And when something goes wrong, teams cannot explain what happened, why it happened, or who — or what — was responsible.

The cost of waiting is not that you will fail to deploy agents. You will deploy them. The cost is that you will deploy them on a foundation that does not scale, then pay for it later in operational risk, governance debt, and expensive rewrites the moment a serious workflow spans time, systems, and teams. Ambient agents are coming whether or not the architecture is ready; the decision is whether you build the substrate now, or rebuild it later under pressure.

A good example always helps… Imagine an ambient remediation workflow after a suspected fraud event. A detection agent flags the case and opens a long-running thread. An evidence agent gathers signals from multiple systems. A compliance agent issues a ruling. A notification agent drafts customer communications. A human relationship manager supplies missing context when asked, then disappears again. The workflow can pause for hours or days, and it must survive restarts and partial failures. When services bounce mid-stream, the system has to resume safely — without re-sending customer notices, duplicating account holds, or losing the audit trail that proves who authorized what, when, and why.

Why Chatbots Still Dominate

I have been designing and building distributed systems for a long time and this approach sounds almost intuitive (well, for me anyway).

So, why is building ambient agents still in its infancy? Here are a few guesses.

A UX-bound chatbot is probably the default because it is the easiest thing to ship that still looks like "AI." A text box plus an LLM produces immediate, legible output. It demos well and it feels finished because the conversation has a clean boundary: you open a session, you ask, you get a response, you close it. The hard parts of enterprise work — waiting, resuming, coordinating, handing off — are conveniently out of frame. For most teams under pressure to show progress, that packaging is irresistible.

There is also a simple cognitive trap at work: if all you have is a hammer, everything looks like a nail. Organizations have spent a decade building digital products around screens, sessions, and user flows. Many teams are good at UX. Far fewer have built background systems that run continuously, coordinate across services, and do useful work without someone watching. So, when "agents" arrive, teams reach for the tools they already know — UX, prompts, chat — because it is familiar. And the moment you start thinking "pipeline" or "batch job" or "always-on worker," you are no longer in product UX land — instead you are in operations land.

Chat-first designs are also a kind of liability shield. The moment an agent operates without a human sitting in front of it, you've crossed from "assistive software" into "operational actor." That triggers a different class of scrutiny: who authorized the action, what data it touched, how it can be revoked, how to audit it, how to prevent repeats, how to explain a decision after the fact. A chatbot keeps a human as the actuator, which conveniently pushes responsibility — and risk — back onto the user. "The model suggested it" is one kind of story. "The system did it" is a very different one.

Then there is the collaboration problem hiding inside the integration problem. Ambient agents only become real when they can actually do things: consume events, call systems, coordinate handoffs, write durable state, and produce outcomes. But the moment you have more than one agent in play, you also need a way for them to find each other, negotiate responsibility, pass work, and exchange artifacts without turning every handoff into a bespoke integration.

The truth is without common protocols, inter-agent coordination devolves into brittle glue code and one-off conventions. With protocols like A2A and MCP, the industry finally has a credible path to broader agent-to-agent communication — one that doesn't require every vendor to reinvent discovery, messaging, tool invocation, and provenance from scratch.

A chat UI can deliver value while avoiding most of this. It can "talk about" the workflow without being accountable for executing it end-to-end. It can summarize a policy without being bound by least privilege. It can propose an action without generating the receipts you need when auditors show up. It can look smart while still living outside the boundaries of enterprise systems.

Underneath all of this is a harder truth: what we are describing is distributed computing, and distributed computing is hard to do well. It is hard even when the "work" is cleanly defined and the state is simple. We still need to deal with partial failure, retries, ordering, idempotency, backpressure, network partitions, inconsistent clocks, and systems that fail in ways that are perfectly normal but maddening to reason about.

But conversational, long-running interactions are distributed computing on steroids. When we add conversational, stateful interactions the problem domain becomes very, very hard. When threads persist for days, involve multiple agents, depend on intermittent human input, and must survive restarts without duplicating side effects, things get complicated very quickly. We are no longer just distributing computation; we're distributing responsibility and memory. The failure mode isn't "a request timed out." It's "the agent repeated an irreversible action," or "the system cannot explain why a decision was made," or "two agents diverged and nobody noticed until a customer complained."

So, the market does what markets always do: it optimizes for what can be shipped, sold, and supported today. Chatbots fit the current tooling, pricing, and buyer expectations. Ambient agents require a foundation — identity, durable state, orchestration, observability, and governance — and they increasingly require a shared language for agent collaboration. Many vendors don't have that foundation yet, and many buyers haven't demanded it. But that gap won't last. As soon as organizations ask agents to run real workflows over real time, the chat window stops being a product and starts being a crutch.

But that's exactly the point: the chat-first approach persists not because it's the destination, but because it's the easiest on-ramp. To move from demos to durable enterprise workflows, we need a different agent model — so before we talk architecture, let's define what an ambient agent actually is.

Ambient Agents

Ambient agents in Agentic Mesh have three defining characteristics: they run in the background, they continuously observe and act while collaborating with other agents, and they are long-running — meaning they retain enough state and memory to survive interruption and resume reliably.

None
Figure 1, Ambient Agents

Ambient agents run in the background.

They operate persistently and invisibly, embedded inside environments, workflows, and systems. In practice, they look less like "a conversation UI" and more like an always-on service: closer to an application, a pipeline, or a batch job that keeps moving even when no one is watching. They are "always on" in the practical sense — available to notice change, receive signals, and initiate work without requiring a user to start a session.

Because they run in the background, ambient agents are designed around continuity, not interaction. They can keep a process moving while humans are busy, asleep, or only intermittently involved. People still matter — often as approvers, exception handlers, and context providers — but humans are no longer the engine that keeps the thread alive. The work progresses whenever the next input arrives, whether that input comes from a person, a system, or another agent.

This background posture also changes what "control" looks like. Instead of being steered moment-to-moment through a UI, ambient agents are governed by conditions, triggers, policy, and workflow context. The unit of progress is not a back-and-forth exchange in a chat box, but a sequence of decisions and actions that unfold as the environment evolves — and that sequence has to be durable, attributable, and auditable, because it produces real outcomes.

Ambient agents continuously observe and act.

They watch their environment the way operational systems do: by interpreting telemetry, transactions, user behavior, and system state. Their job is to detect meaningful patterns — signals, anomalies, thresholds, gaps — and respond in a way that advances the workflow rather than merely generating an answer. This is one reason chatbots are the wrong mental model: observation doesn't start when a user types. It's already happening.

They also listen for direct input and commands from people or other agents. The key difference from a chatbot is that these inputs are not the only "start button." An ambient agent can be driven by autonomous signals (a fraud score crossing a threshold, a document arriving, a service failing) and by intentional directives (a human escalation, a manager approval, a peer agent request). Both are first-class triggers, and in a mature system they flow through the same shared fabric so an agent can act, hand off, and wait without losing the thread. Standards like A2A and MCP matter here because they make agent-to-agent collaboration less like bespoke glue and more like a normal operating mode.

Because observation and action are continuous, ambient agents behave like coordinators. They decide when to act immediately, when to request clarification, when to wait, and when to escalate. The "conversation" becomes less about chatting and more about operating: gathering evidence, making a decision, taking an action, and leaving behind enough structure — messages, artifacts, receipts, and state — that another agent or a human can pick up the thread with confidence.

Ambient agents are long-running.

They can run for long periods because the work they support rarely completes in a single sitting: inputs arrive late, dependencies change, approvals come asynchronously, and tasks span hours or days. Long-running here is not a "long response." It is long-lived participation in a workflow.

To make that possible, they retain memory of goals, actions, decisions, and context across sessions, reboots, and interactions. They can pause when something is missing, resume when it arrives, and continue without losing coherence. This is the point where "stateful" stops being a technical preference and becomes a requirement: without durable state, you don't just lose context — you risk duplicate side effects, broken audit trails, and coordination failures that show up as real-world damage.

Long-running capability also enables reliable coordination with others. An ambient agent can hand work to another agent, wait for results, reconcile conflicting information, and keep the overall thread intact. Instead of treating interruptions as failures, it treats them as normal operating conditions — designing for persistence so the workflow remains stable even when the environment is not.

Architecture Implications

The problem statement set up a simple mismatch: enterprises are trying to do long-running, multi-agent work with a session-bound, UX-tethered chat model. That mismatch doesn't just create awkward user experiences; it creates operational risk — work that can't reliably continue, actions that aren't attributable, and systems that don't scale cleanly beyond demos. Ambient agents are the corrective move, but they only work if the architecture changes with them.

The three defining characteristics of ambient agents — running in the background, collaborating through long-running conversations, and remaining stateful across interruptions — translate directly into non-negotiable architectural requirements. Background operation implies the agent cannot depend on a chat window or a human being present. Long-running, multi-agent collaboration implies a fabric for communication and coordination rather than a single private thread. And statefulness implies the ability to persist progress and recover safely when components restart or fail.

None
Figure 2, Ambient Agents: Architecture Implications

That's why the shift to ambient agents drives four core implications: ambient agents must be headless, implemented as distributed services, identity-bearing, and stateful. These are not feature choices; they are the minimum substrate required to make ambient agents operable, governable, and safe at scale. The next sections unpack each implication in turn and show what it demands from real systems, not just prototypes.

Ambient Agents are Headless

Without a UX to lean on, an ambient agent must run on signals, not screens.

Most agent applications today are built around a user interface. A typical example is the chatbot: it appears as a visible interface on a website or app, waits for a user to type something, and responds within that session. The entire interaction is framed by the user's presence and activity. These agents are interactive but short-lived. They are instantiated when needed and often reset when the session ends. Their behavior is driven by user prompts, and their architecture assumes a live, connected front-end. In contrast, ambient agents are not designed to be seen or interacted with directly. Their architecture must not assume the presence of a UI, nor rely on user-initiated sessions.

None
Figure 3, Ambient Agents are Headless

Running in the background means that ambient agents must be headless by design. They are not tied to browser windows, mobile apps, or desktop applications. There is no screen to display a menu, no input box for a query, and no ongoing user presence. This separation from the front-end is not a limitation; it is a deliberate design choice. It allows agents to run continuously, independently of whether a human is watching or interacting. Instead of being event-driven by direct user input, they operate based on signals from the environment, other agents, or background data pipelines. The absence of a connected UX requires a different communication model — one that is asynchronous, loosely coupled, and resilient to delays or disconnections.

Despite being headless, ambient agents still need to interact with people. But rather than waiting for direct user input, they monitor for signals that may come from human activity, such as submitted forms, sensor data, business transactions, or command messages. These interactions are not framed as real-time conversations but as discrete events that occur within larger workflows. For instance, a user might upload a file or change a system setting, which then triggers the agent to act. In this model, agents listen for inputs — some from humans, others from machines — but their primary execution path is designed to operate autonomously. Human interaction is just one of many potential inputs, and often not the most frequent one.

This shift has important architectural consequences. The logic that would traditionally reside in the front-end must now be encapsulated in the agent itself or in supporting services. The agent must validate inputs, track progress, and decide next steps without relying on visual cues or real-time clarification. It must also provide feedback in a different way — typically by writing to logs, updating shared state, or triggering downstream actions. The goal is not to eliminate human input altogether, but to make agents robust and useful even when human attention is intermittent. In doing so, ambient agents become infrastructure-like: persistent, reliable, and largely invisible, yet deeply embedded in the flow of work.

Coming back to our earlier example: In fraud remediation, the work cannot depend on a chat window — signals arrive from systems and other agents, and human involvement is intermittent, not continuous.

Ambient Agents are Implemented as Distributed Services

If ambient agents are meant to operate at scale, they can't be apps — they must be services.

That is why ambient agents are headless. They are services that live behind the scenes, relying on infrastructure that supports asynchronous and programmatic interaction. In practice, this means favoring APIs, message queues, and event buses instead of click-based input mechanisms. Agents publish and consume structured messages, or they interact with RESTful or gRPC endpoints, depending on the task. This design aligns with enterprise integration patterns, but it also supports something more fundamental: agent-to-agent collaboration. If agents are collaborative by design, then their "native language" has to be protocols and messages, not screens and sessions.

None
Figure 4, Ambient Agents are Distributed

What we are building is distributed computing with a conversational interface and long-lived state. That combination is a very, very difficult problem to solve! The good news is that most of the core problems are known: partial failure, retries, ordering, idempotency, backpressure, and observability have been studied for decades, and there are mature patterns to address them. The bad news is that "known" does not mean "easy." These are the kinds of problems that only feel solved right up until you try to run them at scale, across teams, across systems, over real time, with real consequences.

Ambient agents are not designed as short-lived processes. Instead, they are long-running services with well-defined lifecycles. Each agent must be deployable, observable, restartable, and updatable without loss of state. This requires infrastructure that supports robust lifecycle management — including start, stop, pause, resume, and upgrade operations. And because ambient agents are designed to run in the background and sustain long-running threads, interruption is not an exception case. It's normal. The system has to treat restarts, redeployments, and partial outages as routine operating conditions, not as catastrophic failures.

To support large-scale deployment and manageability, ambient agents benefit from containerization technologies such as Docker. Containerization allows agents to be packaged with all their dependencies, ensuring consistent behavior across different environments. In addition, orchestration platforms like Kubernetes can manage these containers, providing fault tolerance, resource scheduling, health checks, and rollout strategies. This ensures agents can be deployed, scaled, and recovered efficiently in dynamic enterprise environments — with the key caveat that "recovered" must include "resumed," not "restarted and hoped for the best." The state and the thread have to come back with the process.

Ambient agents must operate across multiple execution environments, including cloud infrastructure, on-premises servers, and edge devices. This distributed nature introduces several architectural challenges. Agents need to tolerate differences in compute resources, network conditions, and local configurations. Moreover, they must be resilient to partial system failures, such as network partitions or temporary unavailability of services. Distributed execution is not a choice but a foundational requirement and it is exactly why the "chatbot" mental model breaks down. A chat session can pretend the world is stable. Distributed services can't.

In distributed environments where many agents operate concurrently, the system must support multi-tenancy and dynamic workload balancing. This means that different agents, possibly from different business units or use cases, can safely share the same infrastructure without interfering with each other. It also means that workloads should be assigned intelligently across available nodes to optimize resource usage and avoid bottlenecks. This requires runtime awareness of agent activity, health, and resource consumption — and, increasingly, shared conventions for how agents advertise capabilities, invoke tools, and exchange results. This is one of the reasons standards like A2A and MCP are gaining traction: they create a more interoperable baseline for agent collaboration, which makes a service-oriented architecture more feasible outside a single vendor's ecosystem.

In the same workflow, no single agent can "own" everything; it must coordinate across specialized services (risk scoring, case management, compliance review, notifications) over a shared messaging fabric. That is the day-to-day reality of ambient agents: not a single clever model in a box, but a distributed system of cooperating workers, operating continuously in the background, and staying coherent over time.

Ambient Agents have Identity

Without identity, autonomy becomes a liability.

Every ambient agent must have a unique and persistent identity. This identity remains stable across restarts and redeployments while also allowing for consistent logging, traceability, and accountability. It also enables long-term correlation of agent behavior across time and across tasks. Without a unique identity, it becomes difficult to monitor or audit individual agent activities or apply policy constraints at the agent level.

None
Figure 5, Ambient Agents have Identity

With a unique identity in place, the next step is authentication and authorization. Each ambient agent must be able to prove its identity to other agents or systems it interacts with. This requires integration with standard enterprise security protocols, such as OAuth2, JWT, or mutual TLS. Once authenticated, agents must be granted access based on their identity and role. This prevents unauthorized behavior and ensures that agents can only perform tasks they are explicitly allowed to carry out.

Beyond basic authentication, agents benefit from a role-based or attribute-based model of access control. An agent acting as an observer may only read telemetry data, while an agent acting as an executor may be allowed to take corrective actions. Policies can be enforced centrally to define what each role is allowed to do, including time-based constraints, data access boundaries, or escalation requirements. Assigning roles to agents simplifies their behavior model and supports safe coordination across fleets.

In most organizations, human users are managed by a centralized identity provider. Ambient agents must follow the same model. By integrating with enterprise IAM systems like Keycloak, Active Directory, or Okta, agents can be provisioned, authenticated, and audited using the same infrastructure already in place for human users. This reduces operational overhead, improves visibility, and aligns with enterprise security policies. It also enables federation, single sign-on, and revocation mechanisms for agent access.

So, when the agent places, for example, an account hold or sends a customer notification, the action must be attributable to a stable, authenticated identity with least-privilege authorization — or the workflow becomes operationally unsafe and unauditable.

Ambient Agents are Stateful

Without durable state, recovery becomes guesswork.

Ambient agents must maintain state across long-running tasks, interruptions, and restarts. This means that agent state must be stored in durable back-end systems such as databases, object stores, or event logs. The state may include task progress, prior decisions, open questions, and intermediate results. Without durable state, an agent cannot resume where it left off after a crash or system restart. State is the foundation for continuity, reliability, and correct behavior over time.

None
Figure 6, Ambient Agents are Stateful

It is not sufficient for agents to merely store their state. That state must also be observable to operators, debuggers, and supervisors. Engineers need to inspect the current or past state of an agent to understand why it made a particular decision or to diagnose failures. This requires state schemas to be structured, versioned, and queryable. In some cases, audit trails must be recorded for compliance, requiring additional metadata about who initiated a change and when it occurred.

Ambient agents often handle tasks that unfold over hours or days. This requires the architecture to support resumable workflows, timeout handling, and waiting states. Agents may need to wait for external events, human input, or downstream dependencies. Rather than using simple synchronous logic, agents often adopt workflow engines or orchestration frameworks that support checkpoints, retries, and recovery. This ensures that progress is not lost and that multi-step processes can be reliably executed.

Agents must respond to temporal events such as delays, deadlines, and timeouts. They must also be able to recover gracefully after interruptions. This requires infrastructure that can schedule tasks, resume from persisted state, and handle retries without side effects. Recovery logic must be carefully designed so agents do not repeat actions unnecessarily or skip critical steps. All of this increases the reliability and predictability of agent behavior in real-world conditions.

Clearly, if the system restarts halfway through the case, the agent must recover its exact progress and outstanding obligations so it does not repeat irreversible steps (like holds or notices) and can explain the full history end-to-end.

Conclusion

The rise of ambient agents, in my opinion, marks a turning point in how we design and deploy intelligent systems. Moving beyond isolated interactions, these agents operate like background services — always on, quietly observing and acting — while coordinating with other agents over long-running threads. In other words, the center of gravity shifts from "a helpful chat window" to "a distributed fleet that gets real work done." That shift introduces architectural demands that many teams have been able to postpone: durable state, resumable conversations, stable identity, least-privilege authorization, and the ability to explain what happened after the fact. None of this is science fiction. It is distributed computing, with all the usual failure modes, now carrying responsibility, memory, and side effects.

The challenge is that this is hard in exactly the way distributed systems are hard: the problems are well-known, the patterns exist, and the edge cases still hurt. What changes with ambient agents is the cost of getting it wrong. A timeout is one thing. A repeated irreversible action, a lost audit trail, or two agents diverging silently is something else. If we take the design seriously — grounding it in familiar human patterns of communication, memory, and role-based collaboration, and supporting it with shared protocols for agent-to-agent interaction — we can build systems that are not only intelligent, but resilient, interpretable, and aligned with enterprise workflows that span time, systems, and teams.

As organizations look to take advantage of ambient agents, success will depend on a substrate where state is reliable and visible, conversations are persistent and recoverable, and coordination scales across fleets and ecosystems. Those requirements are already showing up in the market, which is why standards like A2A and MCP are gaining traction: they acknowledge that most agent work will be collaborative, asynchronous, and only occasionally human-facing. My crystal ball is foggy at the best of times, but this direction is no longer speculative. The time to prepare is now. For teams building the next generation of agent ecosystems, the decision to invest in an Agentic Mesh that can support ambient agent collaboration may be one of the most consequential design choices of the decade.

This is part of larger article that addresses a broader suite of topics related to agents (see my full article list). If you like this article, you may wish to checkout my latest book with O'Reilly.

All images in this document except where otherwise noted have been created by Eric Broda (the primary author of this article). All icons used in the images are stock PowerPoint icons and/or are free from copyrights.

The opinions expressed in this article are the author's alone and do not necessarily reflect the views of our clients.