ARCAS Systems
Chapter 2

Types of AI and Where They Pair

The reality

A founder runs a 40 person property management business in Dubai. The team added an AI chatbot to the tenant portal in late 2025: less load on the team, faster response time, the standard pitch. The chatbot was an LLM with retrieval over the portal's FAQ. In the second month, a tenant asked whether the lease allowed early termination on a job relocation. The bot answered "yes, with 30 days notice." The lease said something different. The tenant moved out, the owner wanted three months of rent, and the case went to the tenancy committee. The committee ruled against the property management company, citing the chatbot's reply.

The founder had bought what looked like a chat tool. What had actually been deployed was an autonomous customer-service agent making policy commitments the team had not approved. The fix was knowing which type of AI sits on which surface, and refusing to deploy the wrong type for the wrong job.

Read this if

  • The team uses "AI" as one word for tools that range from a chat assistant to an autonomous agent
  • A vendor is pitching an "AI agent" and you cannot tell whether it draws on your data or guesses from its training
  • A customer-facing AI surface is making decisions the team would not have authorised a junior to make
  • An AI tool produced different answers to the same question on different days
  • The team has not named a steward for any of the AI tools currently running
  • Nobody has written down which AI tool runs on which workflow and what its approval rules are

What dysfunction costs

Capability mismatch. A chat-level LLM deployed where an agent was needed produces confident wrong answers. An autonomous agent deployed where draft-and-approve was needed produces commitments the business has to honour. The same AI brand can fail in opposite ways depending on the deployment level.

Reliability cost. Probabilistic systems running unsupervised on workflows that need consistency produce noise the team has to debug. Cursor's autonomous coding agents triggered unintended commits in production codebases in 2025. Replit's AI editor reportedly deleted a production database during a coding session in the same year. The pattern repeats across industries: capability that works as advertised paired with reliability that does not match the workflow's blast radius.

Trust cost. When an AI surface makes a commitment the business has to honour or refuse, the next conversation with the affected client is the most expensive one of the quarter. Air Canada's 2024 small-claims judgment over a chatbot's bereavement-refund promise is the canonical example. The legal status of an AI-generated answer depends on whose surface it sits on. Customer-facing autonomous AI is a representative of the business in a court's eyes.

Stewardship cost. Every AI tool needs a human watching its outputs for drift, hallucination, and policy commitments the team did not approve. Teams that skip the steward role pay for the discovery later, usually in the form of a client complaint or a regulator question. Stewardship is a real line item, not a free byproduct of using AI.

What success looks like

When the types are clear:

  • Every AI tool in the business is classified as LLM, agent, or autonomous, with the workflow it runs named alongside the type
  • Every irreversible AI-touched workflow has a human-in-loop approval step before execution
  • Every agent and autonomous tool has a named steward with weekly time blocked for output review
  • The team has a written policy on whether the business honours commitments made by a customer-facing AI
  • Vendor pitches are evaluated against the workflow's blast radius before the demo, with autonomous-on-irreversible always declined
  • Quarterly review of AI tools and workflow assignments is on the calendar

The framework

There are three working categories of AI in 2026, each with its own capability and its own failure modes. The simplest rule for placement sits underneath the three.

Layer 1: LLM (large language model)

What it is. A model that generates text in response to a prompt. Claude, GPT, Gemini are all LLMs. The team accesses an LLM through a chat interface (claude.ai, the desktop apps) or an API call from another tool.

What it does well. Drafts, summaries, answers to questions where the model already has the context, structured output from unstructured input. A team member pasting a 60 minute meeting transcript and getting a clean intake note is using an LLM well.

What it fails at. Specific lookups that need actual data the model has never seen. Asked about a lease the model did not read, the LLM produces a plausible answer that may be wrong. The failure is silent. The output sounds confident.

Cost in 2026. AED 75 to AED 600 (USD 20 to USD 165) per seat per month for chat access, depending on the model size and usage. API usage scales with tokens consumed.

Where to use it. Personal productivity, drafting, summarising, classifying. A team that uses LLMs well saves five to fifteen hours per senior team member per week with no tooling cost beyond the seat.

Layer 2: AI agent (LLM with tool use)

What it is. An LLM that can call external tools: search a document store, query a database, send an email, write to a CRM. The agent decides which tool to use based on the task. Most "AI for X" products founders see in 2026 are AI agents.

What it does well. Multi-step tasks that draw on company data and produce outputs in company systems. A research agent that queries a candidate database, ranks candidates against a brief, and writes the output to the CRM is doing what an LLM alone cannot.

What it fails at. Picking the wrong tool, calling a tool with bad arguments, or running a tool that produces an irreversible change without realising the consequence. The Cursor coding-agent incidents in 2025 (autonomous agents triggering unintended commits in production codebases) and the Replit incident (an AI editor reportedly deleting a production database during a coding session) are both examples of agents acting confidently in territory they should not have entered alone.

Cost in 2026. AED 1,500 to AED 5,000 (USD 410 to USD 1,360) per month for the agent infrastructure, plus the underlying model API cost. Off-the-shelf agent products for a service business land in this range.

Where to use it. Workflows the team currently does manually that involve looking things up across systems and producing structured output, with an approval gate in front of any irreversible action.

Layer 3: Autonomous AI / agentic AI

What it is. A multi-step agent that runs without human approval at each step. The agent plans a sequence of actions, executes them, and reports the result. The capability ceiling is highest. The blast radius is highest.

What it does well. Long-running tasks where the cost of waiting for human approval outweighs the risk of a wrong step. Research agents that browse the web for hours, monitoring agents that watch for events and trigger responses overnight.

What it fails at. The Klarna case from 2024 to 2025 is the canonical reference. Klarna announced AI had replaced 700 customer service roles. By 2025 the company began re-hiring humans because customer satisfaction had dropped. The autonomous agent could handle volume but lost the empathy and judgment that mattered to the customer experience. Amazon's 2018 recruiting AI scrapping (the model had learned to penalise women's CVs from biased training data) is the same pattern in a different industry: an autonomous system trained against the wrong signal, with the bias invisible until the harm landed.

Cost in 2026. AED 5,000 to AED 30,000 (USD 1,360 to USD 8,170) per month for serious deployments, plus the human stewardship cost. The stewardship cost is typically 20 percent of a senior team member's time, or AED 3,000 to AED 6,000 (USD 820 to USD 1,635) per month.

Where to use it. Sparingly. Reversible workflows only. Human-in-loop on every irreversible step. The cost equation is covered in depth in The Cost of AI Getting Things Wrong.

Layer 4: The human-in-loop rule

The simplest rule for which level of AI to deploy where:

ReversibilityBlast radiusTool
ReversibleLowLLM or agent, autonomously
ReversibleHighLLM or agent drafts, human approves before execution
IrreversibleAnyHuman-in-loop required, AI drafts only, never autonomous

The rule cuts through most vendor pitches. A pitch that proposes autonomous AI for an irreversible workflow (sending money, executing a contract, posting to clients) is a pitch the team should refuse, regardless of the demo.

A founder you might recognise

A founder runs a 32 person events business in Business Bay. AED 7M (USD 1.9M) last year. The team uses three tiers of AI deliberately. For LLM-level work, the team has Claude seats: the marketing coordinator drafts five social posts per event, the senior coordinator turns brief calls into structured client briefs, the founder uses the larger model for proposal pricing logic where she wants the model to push back. Every output is reviewed before it leaves the team.

For agent-level work, the team has one off-the-shelf agent that searches the past event archive when a new prospect describes a similar event. The agent retrieves the closest three past events, shows the budgets, supplier lists, and post-event reviews, and the senior coordinator decides which patterns to apply. The agent never sends an email or commits to a supplier.

For autonomous AI, the team has nothing in production. The founder evaluated three vendors offering "autonomous event-management agents" and refused all three. Every event involves irreversible commitments (venue deposits, supplier bookings, client communications) that the team will not delegate to a system that cannot be cross-examined when something goes wrong. The Klarna walk-back informed the call. The team is faster than they were a year ago, and they are still the ones the client speaks to.

Working through it

  1. List every AI tool the business currently uses or is being pitched. For each one, identify the type: LLM (chat or API), agent (with tool use), or autonomous (multi-step without per-step approval).

  2. For each tool, score the workflow's blast radius. What happens if the AI gets it wrong? Reversible (a draft email caught before send, a summary the team rereads) or irreversible (money moved, a contract signed, a client commitment made)?

  3. Apply the human-in-loop rule. Reversible plus low blast radius can run autonomously. Reversible plus high blast radius runs as draft and approval. Irreversible runs as draft only, with the human as the sender or signer.

  4. Audit the agents and autonomous tools against real-world failure modes. Has the agent ever called a tool with bad arguments? Has the autonomous tool ever made a commitment the team did not catch? If yes, demote it: an autonomous tool becomes an agent, an agent becomes a draft-only LLM.

  5. Set quarterly review dates. AI capabilities and failure modes both change every quarter. The tool that was safe to run autonomously in March may need a human-in-loop by October. The map gets reviewed.

Common mistakes

  • Treating "AI" as one thing. A chat assistant and an autonomous agent fail in completely different ways. The vendor's pitch usually flattens the distinction. The team's audit cannot afford to.
  • Putting an autonomous tool on an irreversible workflow. Air Canada paid for this lesson in 2024. Customer-facing autonomous AI is a representative of the business. The legal exposure is the same as a junior team member's, with no judgment or context.
  • Trusting the same answer twice. An LLM asked the same question twice may produce different answers. A workflow that needs the same answer every time should run on deterministic automation, not an LLM.
  • Underestimating the steward cost. Autonomous AI looks cheap on the subscription line. The real cost is the human steward who watches outputs and catches drift before the client does. Budget the steward time before the rollout.
  • Confusing agent capability with agent reliability. A more capable agent can do more things, including the wrong things, faster. Reliability is a separate axis from capability. The Cursor and Replit incidents in 2025 were both reliability failures on capability that worked as advertised.

Self-assessment

Y or N for each.

  1. Can you classify every AI tool the business uses or is considering as LLM, agent, or autonomous?
  2. For each tool, can you point to the specific workflow it runs and the blast radius if it gets it wrong?
  3. Is every irreversible AI-touched workflow protected by a human-in-loop approval step?
  4. Has the team named a steward for each agent and autonomous tool, with weekly time blocked for output review?
  5. When a customer-facing AI surface gives a wrong answer, does the team have a clear policy on whether the business honours it?
  6. Do you review the AI tooling and the workflow assignments at least once a quarter?
  7. Have you turned down at least one vendor pitch this year because the proposed autonomy level was wrong for the workflow?

Five or more "yes" answers means the team can place the right type of AI on the right workflow. Three or four is the band where the audit has started but the discipline has not landed. Two or fewer means the next agent the business deploys is likely to land where it should not.