๐Ÿ”AI RiskAtlas
โ† All systems

Tool-Using Agent

An assistant that can take actions, not just talk

Architecture introduced 06 Oct 2022

Now the assistant can *do* things: search the web, read your email, update a record, send a message. It loops (think, act, look at the result, think again) until the task is done. Useful and powerful, and the first point where an AI mistake reaches the real world.

[Architecture diagram] Zones: Untrusted, Agent core, Oversight, The real world. Components: User, Orchestrator / Agent Loop, LLM, Identity & Permissions, Tool Runtime, Human Approval Gate, External APIs, Business Database, Untrusted Content, Audit Logging. Edge types: Instructions, Data, Actions, Control / decision, Feedback / logs.
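The loop described above, with the Identity & Permissions, Human Approval Gate and Audit Logging components from the diagram placed between the model and the tool runtime. This is an added illustration, not code from AI RiskAtlas; the tool names, policy sets and the scripted stand-in for the LLM are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed policy: tools this agent identity may call, and which of those
# have real-world side effects that must pass through a human decision.
PERMISSIONS = {"read_inbox", "send_email"}
NEEDS_APPROVAL = {"send_email"}


@dataclass
class Orchestrator:
    tools: dict                             # tool runtime: name -> callable
    approve: Callable[[str, dict], bool]    # human approval gate
    audit: list = field(default_factory=list)  # one entry per decision

    def run(self, model, goal, max_steps=10):
        """Agent loop: ask the model for the next action, check it against
        permissions and the approval gate, execute, feed the result back."""
        observation = goal
        for step in range(1, max_steps + 1):
            tool, args = model(observation)
            if tool == "done":
                self.audit.append((step, "done", args))
                return self.audit
            if tool not in PERMISSIONS:
                outcome = "denied: tool not permitted for this identity"
                observation = outcome           # the model sees the refusal
            elif tool in NEEDS_APPROVAL and not self.approve(tool, args):
                outcome = "blocked: human rejected"
                observation = outcome
            else:
                observation = self.tools[tool](**args)
                outcome = f"executed: {observation}"
            self.audit.append((step, tool, outcome))
        return self.audit


def scripted_model(plan):
    """Stand-in for the LLM (constructed): replays a fixed list of actions."""
    it = iter(plan)
    return lambda observation: next(it)


def demo():
    tools = {
        "read_inbox": lambda: "2 messages: meeting request, newsletter",
        "send_email": lambda to, body: f"sent to {to}",
    }
    # Approval gate policy (constructed): only internal recipients are allowed.
    approve = lambda tool, args: args["to"].endswith("@example.com")
    plan = [
        ("read_inbox", {}),
        ("send_email", {"to": "alice@example.com", "body": "Yes, 3pm works."}),
        ("send_email", {"to": "someone@external.invalid", "body": "fyi"}),
        ("delete_records", {"table": "customers"}),   # never granted
        ("done", "inbox sorted"),
    ]
    return Orchestrator(tools, approve).run(scripted_model(plan), "sort my inbox")
```

Running `demo()` returns the audit log; the two risky actions never reach the tool runtime, and every decision is recorded with its step number.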

Follow a request, step 1 of 6

You give the assistant a goal, like 'sort my inbox and reply to the easy ones'.

Scenarios on this architecture

AI RiskAtlas is an educational model of how GenAI & agentic systems work and fail. Architectures and payloads are illustrative and simplified for learning, not operational guidance. Real-world cases are summarised from public reporting.

Built by Shi Yuan