Topic 01  ·  grounded in IMDA MGF for Agentic AI v1.5

Topic 01

Agentic AI — Definition & Components

IMDA MGF for Agentic AI v1.5 · §1.1 “What is Agentic AI?”

What an agent is

IMDA states up front that “there is no consensus on what defines an AI agent,” but identifies recurring features: agents “usually possess some degree of independent planning, decision-making, and action-taking (e.g. searching the web or creating files) over multiple steps to achieve a user-defined goal.” §1.1, p.6

Agentic AI systems are “software systems consisting of one or multiple AI agents that may operate individually or collaboratively.” §1.1, p.6 So the unit of governance can be a single agent or a multi-agent system.

What sets it apart from generative AI. Compared to generative AI, “AI agents can take actions, adapt to new information, and interact with other agents and systems to complete tasks on behalf of humans” Exec. summary, p.3. The distinguishing move is from a passive model that produces outputs to a system that acts in and changes its environment. interpretation IMDA calls agents’ access to sensitive data and ability to change their environment “double-edged swords.”

Scope — the generative “brain.” The framework focuses on “agents built on generative AI models … such agents use a small, large, or multimodal large language model (SLM, LLM, or MLLM) as its brain to make decisions and complete tasks” §1.1, p.6. Rule-based or other-neural-network agents are acknowledged but out of focus.

The eight core components

IMDA builds the model up from the parts of a simple LLM-based app. The components group as: #1–3 the core of a simple agent, #4–6 enable more complex tasks, and #7–8 are for safe and reliable performance. §1.1.1, pp.6–7

“Core components of a simple agent” — interactive replica of the IMDA diagram (§1.1.1, p.6). Click any component for its definition.
Core components of a simple agentModelPlanning &ReasoningProtocolse.g. MCPInstructionsGuide decisionsand actionsMemoryRetrieve and storeinfo for long-termToolsInteract withexternal systemsControls · access controls · guardrails · human approvalsLogging and monitoring

Every component, defined

#ComponentWhat it is (IMDA, pp. 6–7)
1ModelThe SLM/LLM/MLLM that serves as the central reasoning and planning engine — the “brain” of the agent.
2InstructionsNatural-language commands defining the agent’s role, capabilities and behavioural constraints (e.g. a system prompt).
3MemoryInformation stored and accessible to the model, in short- or long-term storage — e.g. prior interactions or external knowledge.
4Planning & ReasoningThe model is trained to reason and plan — it can output a series of steps needed for a task.
5ToolsLet the agent take actions and interact with other systems (writing to files and databases, controlling devices, performing transactions). Agents themselves can also be called as tools.
6ProtocolsStandardised ways for agents to communicate with tools and other agents — e.g. MCP (agent↔tools) and A2A (agent↔agent); fast-moving, especially in agentic commerce.
7Controls new in v1.5Limit the agent’s action-space and autonomy: access controls, guardrails, and human approvals.
8Logging & monitoring new in v1.5Records agent actions, decisions and interactions across all components to enable monitoring, debugging and accountability.

Why the v1.5 additions matter. Folding Controls and Logging & monitoring into the definition of an agent itself frames safety and observability not as bolt-ons but as constitutive parts of what an agent is: an agent without access controls, guardrails, approval hooks and an audit trail is an incomplete agent, not merely an ungoverned one. interpretation

(v1.0 listed six components; v1.5 has eight.)

Multi-agent setups

In an agentic system it is common for multiple agents to work together — letting each specialise in a function or task and/or work in parallel. A governance benefit follows directly: with multiple agents, “each agent’s tools and permissions can be separately scoped and defined, compared to a single agent with access to many tools.” §1.1.2, p.8

IMDA gives three simple design patterns (adapted from AWS). Switch between them to see each topology:

Three multi-agent design patterns (IMDA §1.1.2, p.8). Select one.
AgentAgentAgentEach agent’s output becomes the next agent’s input

There is no universally correct architecture — a task can need different or hybrid patterns. The paper’s selection heuristic: a well-defined, step-by-step task lends itself to a sequential architecture, whereas a more open-ended task that requires brainstorming or pursuing different lines of inquiry may benefit from a swarm. §1.1.2, p.8

The supervisor pattern is the structural embodiment of component #5’s “agents-as-tools” note — a supervisor calls specialist agents the way it would call any tool. interpretation

Multi-agent setups also raise systemic risks — agent sprawl, collaborative failures (miscoordination, conflict, collusion), and reduced ability to test across system boundaries — which the framework treats separately under §1.2.3.

Action-space vs autonomy

Even when two agents share the same components, the design of each component changes what the agent can do. IMDA separates two orthogonal axes: §1.1.3, p.8

AxisWhat it isSet by
Action-space (authority / capabilities)Range of actions the agent can take, including transactions it can execute.The tools it may use and the permissions on those tools.
Autonomy (decision-making)Degree to which the agent decides how to act toward a goal (e.g. defining the steps to take).Its instructions and the level of human involvement.

The paper maps the two axes onto a 2×2 grid using a software-engineering agent. The axes are orthogonal — a high-authority agent can still be low-autonomy, and vice versa — so risk is a function of both. Explore the four corners:

Software-engineering agent — the two axes mapped onto a 2×2 grid (IMDA §1.1.3, p.10). Select a quadrant.
← less  Autonomy  more →
← smaller  Action-space  larger →

The four levels of human involvement

Autonomy is also shaped by how much a human stays in the loop. IMDA lists four levels, from most to least human control: §1.1.3, pp.8–10

  1. Agent proposes, human operates — the human reviews and approves every agent action.
  2. Agent and human collaborate — approval at significant steps (e.g. before writing to a database or making a payment); the human can intervene anytime.
  3. Agent operates, human approves — approval only at critical steps or failures (e.g. deleting a database, or a payment above a set amount).
  4. Agent operates, human observes — no approval needed; actions may be audited after the fact.

interpretation Logging & monitoring (component #8) is what makes the bottom rung viable: “agent operates, human observes” has nothing to audit without an evidentiary trail.

Why this matters for governance

interpretation Each component is a distinct control point:

  • Instructions and Memory bound what the agent knows and is told;
  • Tools, Protocols and Access controls bound what it can reach and do — its action-space;
  • Instructions plus Human approvals bound how freely it decides — its autonomy;
  • Logging & monitoring is the evidentiary layer that makes after-the-fact accountability possible — without it, “agent operates, human observes” has nothing to audit.

Specifying an agent therefore means specifying who owns each of these boundaries — which is exactly where roles & responsibilities attach.

Next — Topic 02: Parties & Value Chain. Having mapped what an agent is and where its boundaries sit, the next topic maps those boundaries onto the people and organisations answerable for them: the agentic AI value chain, the internal teams, and where accountability rests.