The grounded-agent playbook

Why hallucinations are a deployment killer

Every AI agent demos well. Two prompts, three smart responses, a round of applause, a Slack channel called #ai-rollout. That's day one. Day three is when an account exec sends a prospect a follow-up with a feature that doesn't exist. Day seven is when a CFO discovers the agent matched an invoice against last quarter's PO. Day fourteen is when the Slack channel goes quiet and somebody on the team writes a polite Notion doc titled "Pausing the AI pilot."

We've watched this pattern happen at dozens of companies, and the failure mode is almost always the same. The agent is fluent enough to sound confident, but it has no grounding in your actual reality — your CRM, your contracts, your runbooks, your data. When it doesn't know, it doesn't say so. It fills in the blank with something that sounds plausible. That's the hallucination tax, and it's expensive.

The single biggest predictor of whether an AI deployment succeeds at twelve months isn't model quality. It's whether the agent can be trusted on a Tuesday afternoon by a tired ops manager who needs to ship and doesn't have time to fact-check every line. Grounding is what makes that trust possible.

What "grounded" actually means in practice

Vendors throw the word "grounded" around like it's free. We use it specifically. An agent is grounded when every claim it makes — every number, name, date, status, recommendation — can be traced back to a verifiable source the customer controls. Not the model's training data. Not a fuzzy recollection. A specific document, record, ticket, or row.

That has three implications. First, the agent has to be willing to say "I don't know." Most aren't, because saying that is a worse user experience in a demo. We think it's a vastly better one in a deployment. Second, the agent has to expose its sources, not hide them in a chain-of-thought log somewhere. Third, the system has to be designed so that when the source is wrong, the human notices — not the agent.

In practice, we enforce this at three layers: a retrieval layer that pulls only from sources the customer has explicitly granted, a generation layer with prompts that penalize ungrounded claims, and a verification layer that compares the response against the retrieved sources before it ships. Anything that fails the verification gets flagged or rewritten — not silently dropped.

Citation-first design — show your work

Every Wonderful Agent response includes citations. Not as an afterthought, not in a sidebar nobody reads, but inline — the same way a researcher cites their sources mid-sentence. If Sage tells a customer their contract auto-renews on June 30th, the date is linked to the specific clause in the specific PDF. If Atlas flags an invoice as a duplicate, the citation goes straight to the matching invoice in your ERP.

This isn't a UX flourish. It's a design constraint that reshapes the model. When you require citations at generation time, you can't say things you can't back up — the model literally has nowhere to point. Hallucinations don't get filtered out at the end; they get prevented at the start, because the generation budget runs out before the model can invent something.

The side effect we didn't expect: customers tell us the citations are the single feature that moves their internal review process from "we need to fact-check every output" to "we trust this enough to ship." A clickable citation is the smallest unit of accountability we know how to build into a system.

When to use retrieval vs. when to ask a human

Not every question has an answer in your data. The mistake most agents make is treating that as a problem to solve with creativity. We treat it as a routing decision.

Our agents have an explicit "I don't have enough to answer this" path. When the retrieval confidence is below threshold, or the question touches a domain the agent isn't grounded in, the response isn't a guess — it's an escalation. Sage will draft an answer based on what it found, mark the parts it's uncertain about, and route the ticket to the right human with a one-line summary. Aria won't quote a discount it's not authorized to offer; it'll loop in a sales lead.

That sounds obvious. It isn't, because building it well requires you to design the system around the assumption that some percentage of questions are deliberately out of scope. Most agents are built around the assumption that they should be able to handle everything, and the result is over-extension. We'd rather an agent answer 70% of questions reliably than 100% of questions unreliably.

A worked example: how Sage answers a security question

Here's a real (anonymized) flow. A customer of one of our customers messages support: "Are you SOC 2 compliant? And do you store data in the EU?"

Sage does four things in sequence. One, it retrieves the most recent security documentation from the customer's knowledge base — the SOC 2 report PDF, the EU residency page, and the trust center status. Two, it checks the dates: is the SOC 2 still current? When was the residency page last updated? Three, it drafts a response with two citations — one to the report (with a specific page number), one to the residency confirmation. Four, it runs the response through a verification step: does every factual claim in the draft appear in the cited sources?

If yes, the response ships. If no, the failing claim is removed and replaced with an "I don't have a current source for this — escalating to your security team" note, and a ticket is opened with the relevant context attached. Total elapsed time: under 12 seconds. Total elapsed time without grounding: about 4 seconds, and a 1-in-15 chance of an answer that costs the deal.

That's the tradeoff. Grounded agents are slightly slower and substantially more useful. That's the playbook.