Software AI Agents
Software AI agents are the systems that take autonomous action in digital environments rather than waiting for a person to click the next button. They read repositories and write code, call external APIs, complete purchases, send emails and messages, navigate websites, and coordinate with other agents to finish multi-step work. What sets them apart from earlier automation is that the action policy is learned rather than scripted, the input space is open-ended natural language, and the boundary between instruction and data is structurally porous. The category spans six entity types deployed across consumer, developer, and enterprise environments, each covered on its own page.
The Six Software Agent Types
| Agent Type | Operating Environment | Primary Risk Surface |
|---|---|---|
| Coding & Research Agents | Developer environments, code repositories, terminal sessions, research workflows | Repository write access, command execution, package supply chain, credential exposure |
| Workflow & Orchestration Agents | Connected SaaS stacks coordinating tasks across email, calendar, documents, project tools | OAuth scope creep, cross-app data flow, tool-use injection, audit trail integrity |
| Transaction & Commerce Agents | E-commerce, payments, booking, and procurement systems acting on the user's behalf | Payment authorization, account takeover, agent-to-agent deception, order injection |
| Customer Service & Voice Agents | Contact centers, support channels, IVR replacement, voice-first applications | Voice cloning input, social engineering, PII handling, escalation bypass |
| Enterprise Autonomous Agents | Internal enterprise systems including ERP, CRM, HRIS, ITSM, and financial systems | Privileged credential scope, lateral movement, separation-of-duties bypass, audit corruption |
| Multi-Agent Systems | Coordinated software agents working together on shared tasks across roles and tools | Inter-agent message integrity, role spoofing, consensus manipulation, prompt injection cascade |
What Makes Software Agents a Distinct Category
Three properties separate software agents from earlier automation and from other AI systems.
The first is action authority without per-step review. Agents take steps in sequence, often across multiple connected systems, and the human is in the loop at most at the start and end of a task rather than at every decision.
The second is the porous instruction boundary. Because the agent takes input in natural language, any content it ingests (a web page, a document, an email, a tool response) can contain instructions the agent then follows. Prompt injection is not a defect to be patched out. It is a property of agents that take instruction in natural language.
The third is permission scope. The credentials and integrations granted to enable useful work (repository write access, payment authority, calendar control, customer communication) are the same surface that a compromise reaches across.
Where Existing Rules Fall Short
Most enterprise security and software liability law was written for code that does what its developers intend, with bugs and vulnerabilities as the exception. Software agents intentionally take autonomous action based on inferred intent from ambiguous input, and they do so with privileged access to systems that assume their callers are well-behaved. Standards for separation of duties, audit logging, change management, and access control were designed for human operators or scripted services, not for agents whose action is shaped by content they read at runtime.
Financial services regulation handles automated trading and robo-advisors as defined categories but does not yet address agents that complete arbitrary commerce on a user's behalf.
Enterprise risk frameworks treat agentic AI as a software extension rather than as a distinct actor in the system. Individual entity pages document the specific gaps for each agent type.