10 things I'd tell anyone starting to build AI agents in production

I run AI agents for marketing at Albato Embedded. About 60 of them in production right now. Reading this sub for a while, the same handful of problems keep coming up: *context loss, instructions getting ignored, blowing through tokens way too fast*. Here are **10 things** I'd tell someone starting out, mostly stuff I learned the hard way. **1. Don't let agents accumulate session history.** The longer the session, the more the model's behavior drifts. Pass each agent only what it actually needs for the task at hand. Restart sessions regularly, don't run them for hours. **2. Rules in a prompt are optional.** Rules in code are not. If a rule actually matters, don't trust the prompt to enforce it. The agent will skip it under load or in edge cases. Put the rule in code as a check that runs after the agent and blocks anything that violates it. **3. Trim context before every call.** Most of your token bill goes to context the agent doesn't need. Don't pass full chat history to every sub-agent. Have an orchestrator that picks just what each agent needs for its task and hands it over. Saves money and gives you fewer quality issues at the same time. **4. Don't trust agents not to make things up.** Hallucinations don't get fixed by a stronger "don't make stuff up" line in the prompt. They get fixed by a check that compares output to source. If the output cites a name, fact, or number, validate it before anything ships. Especially for anything that goes out under your brand. **5. One agent - one task.** Multi-agent setups fail when each agent decides what to do next. Narrow the scope: one agent does one task inside a defined process. The orchestrator decides the run order and what each agent sees. **6. State doesn't live inside the agent.** Don't keep important data inside agent memory. Save it to files, a sheet, or a small database, somewhere you can read from outside the model. Otherwise you can't go back and audit yesterday's run if something looks off. Memory inside the model is fine for a demo, not for production. **7. A tuned pipeline doesn't survive off-plan input.** A workflow that's run smoothly for months looks bulletproof. Throw in one off-plan task (a different topic angle, a surprise input format, an urgent one-off) and the whole thing falls apart. Same way a human team's process breaks the moment someone at the top reshuffles priorities mid-cycle. The pipeline wasn't bad, it was tuned for the route nobody changed. Anytime you add something new, treat it as day one. Read every output, audit each step, retune before you trust the speed again. **8. Don't use an agent if a script can do it.** Test before you reach for an agent: can you write the steps as a numbered checklist a junior could follow with no judgment calls? If yes, write a script. Agents are worth using only when the steps change depending on the input. Otherwise you've built a fragile, expensive script with extra steps. **9. Schema validation isn't safety.** When an agent calls a tool or API, the schema check only confirms the call looks right on paper. It won't catch a call that's technically correct but does something destructive (think a DELETE without filters, or a fetch to an internal IP address). Add a separate check on the actual values before the call runs. Catches the dangerous ones cheaply. **10. Don't run instructions found in tool outputs.** If your agent fetches a URL, reads a file, or scrapes a page, treat that content as data only. Anything that looks like an instruction inside it is a prompt injection attempt. The rule has to be in code: agents only act on instructions from the active session, not on commands found in content they read. Pattern across all 10: the failure mode is almost never: *the model isn't smart enough*. It's: *we let it decide something it shouldn't have* or *we trusted it not to lie about whether the work happened*. The fix that's worked every time is the same. Don't let the model decide what to do next, and keep state and checks outside the model. Boring, but it holds.