AI Agent Types
AI agents are the systems through which artificial intelligence acts on the world. They drive cars without drivers, walk through warehouses with grippers and tools, listen continuously through earbuds and smart glasses, manage smart homes and connected vehicles, and execute multi-step tasks across enterprise software with autonomous authority. Agents fall into three categories defined by where they operate and what they can affect: physical agents in shared public and private space, personal and ambient agents colocated with users, and software agents with autonomous action authority in digital systems. Each category is covered by a dedicated section.
The Three Agent Categories
| Category | Defining Property | Primary Risk Axis |
|---|---|---|
| Physical Agents | Mobility, manipulation, and physical force exerted in shared public or private space | Bodily harm, property crime, autonomous logistics for criminal activity, public-space governance |
| Personal & Ambient Agents | Sensor-equipped, user-colocated, continuously or near-continuously active in private and semi-private environments | Personal manipulation, surveillance, sensor spoofing, impersonation, blackmail material harvesting, coerced advice |
| Software Agents | Autonomous action in software environments through tool use, API calls, transactions, and orchestrated workflows | Privilege escalation, transaction-level harm, agentic deception, supply-chain-of-agents compromise, prompt injection cascade |
Physical Agents
Physical agents are autonomous systems that move through and act on the world. They cover robotaxis and autonomous passenger vehicles, humanoid robots, delivery and mobile robots, industrial mobile robots and cobots, autonomous trucks and platoons, drones and uncrewed aerial systems, and multi-agent fleets and swarms. Each operates in a different environment and under a different regulatory regime. Robotaxis share public roads with human drivers and fall under transportation rules. Humanoids in warehouses fall under industrial machinery rules. Delivery drones fall under aviation rules. The shared concern across the category is that the rules designed for non-autonomous predecessors do not cleanly fit the autonomous variants.
Personal & Ambient Agents
Personal and ambient agents operate in close proximity to individual users, typically in private or semi-private environments. The category covers smartphones and tablets running on-device AI, AI wearables including smart glasses and earbuds, connected vehicle cabin AI, smart home and voice assistants, AI-enabled kiosks and point-of-sale systems, AI-enabled medical devices, AI-enabled public infrastructure, and ambient sensor systems across commercial and civic environments. These agents are present where people speak freely, and their value depends on being present. The risks that follow include continuous capture, paired-account trust inheritance, biometric collection, and population-scale exposure when individual harms repeat across millions of deployments.
Software Agents
Software agents take autonomous action in digital environments. They write and execute code, call APIs, complete transactions, send messages, navigate websites, and coordinate with other agents. The category covers coding and research agents, workflow and orchestration agents, transaction and commerce agents, customer service and voice agents, enterprise autonomous agents, and multi-agent systems. The action authority granted to these agents can be substantial: repository write access, payment authorization, customer communication, enterprise resource modification. Risk follows from the permission scope, the trust model for ingested content, and the audit and rollback capability for actions taken.
Attack Surface as a Common Frame
Each agent type has its own canonical reference page with a structured attack surface inventory. The inventory uses a consistent ten-dimension taxonomy that applies across all three categories: physical access, identity and authentication, command and control channels, perception and sensors, connectivity surface, OTA and update pipeline, data capture and retention, integrations and permissions, behavioral and policy boundary, and multi-agent coordination. Not every dimension applies to every agent. A coding agent has limited physical access surface. A humanoid robot has limited multi-agent coordination surface in its current generation. The completeness of the inventory is the point: it makes cross-agent comparison possible and surfaces patterns single-agent analysis misses.