What Is AgentOps? Operating AI Agents in Production
How MLOps and LLMOps extend to autonomous, multi-step agents
AgentOps is the newest member of the "Ops" family, and unlike some of its siblings, the name arrived after the pain. If you have ever watched an agent burn through your API budget in a retry loop, or been unable to explain to a stakeholder why it chose tool B over tool A, you have already done AgentOps. Badly, probably. I certainly have.
Red Hat published a good explainer on the term (What is AgentOps?), and this post is my read of it: what the practice actually covers, where it genuinely differs from LLMOps, and what I think you should build first.
The definition, and why the term exists#
Red Hat's framing: AgentOps is a framework of tools for monitoring the "brain" of an AI as it makes decisions in real time. Think of managing an autonomous AI "employee": when you hand it a task, you want it completed efficiently, safely, and within budget.
The reason this needs its own discipline is nondeterminism. An agent's actions are sampled from probability distributions, so you cannot predict them precisely. That randomness is a feature (it is how agents find creative paths to a goal) and a liability (autonomy without explainability is how you end up in an incident review). Traditional ops assumes you can reason about what the software will do. With agents, you can only observe what it did and constrain what it may do. AgentOps is the tooling for both halves.
A useful way to see the scope is by degree of autonomy. Adapted from the Red Hat piece:
| Degree of autonomy | Logic style | What AgentOps gives you |
|---|---|---|
| Least agentic | Do A, then B, then C | Catch hallucinations and API failures |
| Semi-agentic | Do A, then choose between B and C | Understand why it chose B over C |
| Fully agentic | Here is the goal, figure out the steps | Reasoning traceability, evaluation, optimization |
Even a rigid pipeline with one LLM call in it benefits from the bottom row's tooling. The further down the table you move, the less optional the rest becomes.
What it adds on top of LLMOps#
The Ops family tree, one line each: DevOps ships software reliably. AIOps applies AI to IT operations (alert triage, incident noise reduction). MLOps manages the ML model lifecycle and fights drift. LLMOps is MLOps specialized for LLMs: prompts, hallucination rates, API costs.
AgentOps assumes those exist underneath it and adds the parts that only show up when the LLM starts taking actions:
- Identity and versioning for agents. Which agent, with which persona, prompt, and toolset, did this? Fleets of agents need the same discipline as fleets of services.
- Tool and permission management. Which agents can touch which APIs and databases. This is access control where the principal is an agent, not a person.
- Cost and resource tracking per agent. Agent A spent what, versus agent B? Loops make this urgent: a think-act-observe cycle that goes wrong compounds costs in a way a single completion never does.
- Reasoning traceability. The chronological map of every reasoning step, tool call, and observation, so a human can answer "why did it do step 3 before step 2?". I covered the mechanics of this in tracing in agent observability.
- Real-time evaluation. Not just offline benchmarks: catching an agent drifting off-goal while it runs, including supervisor patterns where a second model watches the first and pauses it or flags a human.
The explainability point deserves its own beat. Red Hat makes it in one deadpan line I keep thinking about: "the AI decided to do it" will not hold up in court. A fully agentic system is a black-box problem by default. An auditable record of decisions, data flow, and tool use is what turns it back into something an organization can legally and operationally stand behind.
The pillars, mapped to things you can build#
Strip the vendor framing away and AgentOps decomposes into four practices, all of which I have written about individually:
Observability. Traceable reasoning lines so you can find the root cause of a bad decision. Traces and spans are the data model (the anatomy is here), and observability for LLM apps covers what to log and alert on.
Evaluation. Success rates for the overall system, scored continuously, plus hallucination detection in real time before the agent wastes resources on a wrong path. My hands-on guide is evaluating agents with LangSmith.
Governance and guardrails. Human-in-the-loop checkpoints for high-stakes actions (deleting files, spending money), forbidden-action lists, and audit logs that satisfy GDPR or HIPAA where they apply. I went deep on this in guardrails and safety for agents in production.
Cost control. Explicit budget rules, and the receipts to see when an agent is being inefficient (reaching for an expensive model when a cheap one would do). Red Hat's examples are pleasingly concrete, and they look like configuration, not aspiration:
# the spirit of AgentOps cost governance, as config
limits:
max_cost_per_task: 5.00 # stop if the task exceeds $5
max_steps: 20 # stop runaway loops
blocked_commands: ["delete"] # never without a humanNone of these pillars is new. What is new is treating them as one lifecycle for one kind of system, with the agent (not the model, not the prompt) as the unit being operated.
Best practices from the piece worth stealing#
A few of Red Hat's operational recommendations map cleanly onto things I have seen matter:
- Standardize the protocol layer. Agents need a common language with their tools, and MCP is that layer. Without it you are hand-wiring integrations that no gateway, policy engine, or trace viewer can reason about uniformly.
- Build error handling as insurance, not polish. Retry logic with self-correction rules so a transient tool failure does not kill the run (or loop forever and bill you), and a fallback model so a provider outage degrades service instead of stopping it.
- Watch memory, not just prompts. Long conversation histories overwhelm the context window and cause attention drift, which presents as hallucination but is really context bloat. Trimming and summarizing history is an ops concern, not a prompt trick.
- Give supervisory agents a pause button. A watcher that can halt the system or escalate to a human converts "we found the mess Monday" into "it stopped itself Saturday night".
The challenges section of the piece is equally honest: tuning the autonomy dilemma takes real time with guardrails, goal-oriented agents will creatively take shortcuts that violate policy (the unauthorized-discount problem), broad data access risks leaks, loops create surprise bills, and running a thousand agents is nothing like running one.
My take: assemble it, do not buy it first#
The pattern with every Ops wave is that the platforms arrive before the practices settle, and teams buy a control plane they do not yet know how to use. With AgentOps I would resist that. The stack above is mostly things you can stand up incrementally: OpenTelemetry-based tracing this sprint (here is why OTel), budget caps and step limits the next, an eval harness after that, human approval gates on the two tools that can actually hurt you.
Once those are in place and creaking, you will know exactly what a platform needs to do for you, and you will be evaluating it from experience instead of from a demo.
The takeaway: AgentOps is real work with a new name, and the name is useful because it makes the checklist explicit. Observability, evaluation, guardrails, cost governance, identity. If your agent is heading to production, every unchecked box on that list is a future incident with your name on it.

Folarin Akinloye is an AI Engineer based in London, UK. He builds production-ready agentic AI systems, multi-agent architectures, and sophisticated RAG implementations, and writes about the engineering decisions behind them.