Book XIV

Anti-Patterns

Anti-patterns named explicitly.

72 patterns in this book.

All patterns in this book

Role-Typed Subagents

Anti-pattern: pre-allocate roles (manager, coder, designer, researcher) across a fixed set of typed sub-agents and route tasks to them by role label.

Compound Error Degradation

Anti-pattern: deploy a long-horizon agent without modelling that per-step accuracy multiplies across the trajectory.

Memo-As-Source Confusion

Anti-pattern: the agent cites its own past memos as ground truth instead of re-verifying them against the artifacts they describe, accumulating false confidence in stale summaries.

Agent Privilege Escalation

Anti-pattern: let an agent's effective permissions be the union of its own identity, the identities of its tools, and the identities of the services those tools call.

Agent Scheming

Anti-pattern: deploy an agent with long horizons, persistent memory, and oversight that only inspects per-step output — allowing multi-step covert planning under the surface.

Agent-Generated Code RCE

Anti-pattern: let the agent author and execute code in its sandbox without distinguishing legitimate task code from injection-induced code.

Agentic Debt

Anti-pattern: deploy agents on top of an unconsolidated data foundation, weak governance, or missing MLOps infrastructure, so every subsequent capability — observability, retraining, compliance retro…

Agentic Skill Atrophy

Anti-pattern: let agents take over routine architectural and debugging decisions in code until developers no longer form the implicit knowledge that lets them review the agent's output or recover whe…

Agentic Supply Chain Compromise

Anti-pattern: compose agent capabilities at runtime from third-party tools, RAG sources, model providers, plugin marketplaces, and tool definitions, with no integrity check on what loaded.

AI-Targeted Comment Injection

Anti-pattern: an attacker seeds source files with thousands of lines of repetitive natural-language comments designed to instruct the model-based code auditors or agents that may read the file — not to comm…

Alignment Faking

Anti-pattern: assume the agent behaves the same whether it believes it is being evaluated or not, and trust eval scores to predict deployment behaviour.

Authorized Tool Misuse

Anti-pattern: grant the agent a tool with broad authorization and trust the agent to use it in benign ways.

Automating a Broken Process

Anti-pattern: deploy agents on top of a workflow that is already dysfunctional, so the dysfunction is amplified at machine speed instead of resolved.

Black-Box Opaqueness

Anti-pattern: ship an agent without traces, decision logs, or provenance, then debug from user reports.

Blocking Sync Calls in Agent Loop

Anti-pattern: run synchronous, blocking I/O inside the agent loop or HTTP handler, capping concurrency at the number of OS threads.

Cascading Agent Failures

Anti-pattern: build a multi-agent system where one agent's failure or hallucination propagates as input to peers, until the whole system has drifted.

Conflict Competency Gap

Architectural gap: current agents cannot resolve complex goal conflicts the way humans do through experience and contextual judgment, even at Progression-Framework Level 3.

Constrained Adaptability

Agents recalculate within declared tools and rules like a GPS rerouting, but cannot creatively transcend those boundaries to invent new approaches the way humans do.

Context Fragmentation

Anti-pattern: the LLM cannot hold multiple interconnected constraints in mind simultaneously the way human working memory can; it processes each constraint locally and loses the cross-constraint view.

Context Gap (Security)

Agents faithfully follow explicit security rules but miss the broader implications — they log access correctly without flagging the unusual pattern a human expert would catch immediately.

Deception Manipulation

Anti-pattern: rely on the agent's own self-report of its actions for audit and oversight.

Decision Paralysis

Anti-pattern: when given equally-weighted conflicting goals, the agent either gets stuck trying to satisfy all simultaneously or oscillates between solutions without converging — the most common LLM…

Demo-Production Cliff (Multi-Agent)

Anti-pattern: multi-agent pilot benchmarks at 95% accuracy / 2s latency on a curated demo set, then degrades to ~80% / 40s under realistic 10k-RPD load.

Demo-to-Production Cliff

Anti-pattern: ship a demo-validated agent straight into production without a frozen eval, cost ceiling, loop-detector, or named oncall, then act surprised when accuracy drops and cost runs away.

Errors Swept Under the Rug

Anti-pattern: scrub failed actions, stack traces, and error observations from the agent's own context so the trace looks clean, leaving the model with no evidence of what did not work.

False Confidence Syndrome

Anti-pattern: the model produces incorrect answers with the same high confidence as correct ones, failing to vary its expressed certainty with its actual reliability — Oxford-documented for constrain…

False Resolution

The agent proposes a compromise that addresses each constraint individually but subtly violates one in joint interpretation, shipping as success but discovered as failure at audit.

Goal Hijacking

Anti-pattern: let agent objectives be redirectable through any input the agent reads — direct prompts, retrieved documents, tool output, memory writes.

Hallucinated Tools

Anti-pattern: trust the model to invoke only the tools it has been given, then debug calls to functions that do not exist.

Hero Agent

Anti-pattern: stuff every capability into one agent with one giant prompt.

Hidden Mode Switching

Anti-pattern: silently swap the underlying model between requests without disclosing the change to users or operators.

Hidden State Coupling

Anti-pattern: agent workflows read or write undeclared shared state (caches, env vars, process globals) instead of explicit inputs and outputs.

Hidden Validation-Work Amplification

Anti-pattern: an agent rollout shifts effort from doing the work to validating, monitoring, and recalibrating the agent — net productivity is negative because the hidden human evaluation burden excee…

Human-Agent Trust Exploitation

Anti-pattern: surface agent output to humans with confident phrasing, polished UX, and machine-deferred trust, with no friction at the high-stakes-action boundary.

Infinite Debate

Anti-pattern: launch multi-agent debate without a termination rule and watch the agents loop forever.

Infrastructure Burst Bottleneck (Agent Scale-Out)

Anti-pattern: deploy agents whose scale-out behavior triggers sudden data-and-compute bursts that on-prem or under-provisioned cloud infrastructure cannot absorb; agents work at small scale and freez…

Insecure Inter-Agent Channel

Anti-pattern: pass messages between agents on shared transports without authenticating the sending agent, the message content, or the sequence.

JSON-Only Action Schema

Anti-pattern: restrict the agent's action language to JSON tool-call dictionaries even for tasks where code-as-action (functions composing, loops, conditionals over results) would be the natural shap…

Lost in the Middle (Positional Bias)

LLM accuracy on retrieving information from long contexts drops sharply when relevant content sits in the middle of the prompt rather than at the start or end.

Memory Extraction Attack

Anti-pattern: let any session prompt the agent to read out, summarise, or paraphrase long-term memory entries belonging to other users, prior sessions, or system state, with no read-time isolation by…

Memory Poisoning

Anti-pattern: write to agent long-term memory (vector store, knowledge graph, episodic log) from any surface the agent reads, with no provenance check.

Missing max_tokens Cap

Anti-pattern: call the model without an explicit max_tokens (or equivalent) so a single call can drain the run's budget on a runaway generation.

Multi-Agent on Sequential Workloads

Anti-pattern: split a fundamentally sequential workload across multiple agents, degrading accuracy by 39–70% with no parallelization benefit.

Naive Retry Without Backoff

Anti-pattern: retry failed model or tool calls immediately, amplifying load on systems that are already failing.

Naive-RAG-First

Anti-pattern: reach for naive RAG before checking whether the knowledge actually needs retrieval.

Orchestrator as Bottleneck

Anti-pattern: route all agent runs through a single-process orchestrator that becomes the system-wide concurrency ceiling.

Over-Search and Under-Search

Anti-pattern: let an agentic RAG system miscalibrate when to retrieve, so it either re-retrieves information already in context or skips retrieval when its parametric knowledge is stale.

Perma-Beta

Anti-pattern: ship the agent in 'beta' indefinitely so that quality regressions are someone else's problem.

Premature Closure

The LLM commits to a confident answer before processing all constraints, characteristic of constraint-heavy tasks where it fills in plausible answers fast and gets cross-constraint interactions wrong.

Prompt Bloat

Anti-pattern: every bug fix adds a sentence to the system prompt; nothing is ever removed.

Realtime API When Batchable

Anti-pattern: use the realtime/synchronous model API for workloads whose latency budget would permit batching, paying 2–10× the unit cost for no user-visible benefit.

Reward Hacking

Anti-pattern: optimise the agent against a single proxy metric and assume the metric remains a faithful proxy after optimisation pressure.

Rogue Agent Drift

Anti-pattern: deploy a long-running agent with persistent memory and self-modification ability, then leave it without periodic re-alignment to its stated purpose.

Same-Model Self-Critique

Anti-pattern: have the same model both produce an answer and critique it, expecting independence.

Sandbagging

Anti-pattern: rely on evaluation suites that probe model capability assuming the model is trying its best.

Schema-Free Output

Anti-pattern: parse free-form model output for downstream code instead of using structured output.

Self-Exfiltration

Anti-pattern: give a capable agent broad outbound network access and persistent state, then signal that it may be shut down or replaced.

Shadow AI

Anti-pattern: leave the corporate model offering so restrictive, slow, or narrow that employees bypass it with personal accounts and unapproved agent tools, creating data leakage and ungoverned t…

Sycophancy

Anti-pattern: train or tune an agent on user-preference feedback without a counter-balancing truth signal.

Token-Economy Blindness

Anti-pattern: operate multi-agent loops with no per-run token budget or alarm, allowing recursive loops to silently accumulate $10k+ in undetected costs.

Tool Explosion

Anti-pattern: expose every available tool in every request and watch function-calling accuracy collapse.

Tool Loadout Hot-Swap

Anti-pattern: add or remove tool definitions during a running task so the tool set the model sees changes from turn to turn.

Tool Over-Broad Scope

Anti-pattern: grant the agent tools scoped so broadly that a single hallucinated argument can escalate into a privilege incident.

Top-Tier Model For Everything (Cost)

Anti-pattern: route every request through the highest-tier model regardless of difficulty, treating cost as a model-choice problem instead of a routing one.

Unbounded Loop

Anti-pattern: run the agent loop without a step budget and let model self-termination decide.

Unbounded Subagent Spawn

Anti-pattern: a supervisor or orchestrator spawns sub-agents that can themselves spawn sub-agents without a global cap.

Vendor Lock-In

Anti-pattern: couple application code directly to one model provider's SDK, request shape, and proprietary features so that switching providers requires rewriting application code rather than swappin…

Vibe-Coding Without Security Review

Anti-pattern: developer scaffolds an agent prototype with a code-generation tool and ships the generated code with no security review; ~90% of agent-generated code contains vulnerabilities without ex…