Back to blogs

Copilot or Autonomous Agent? Two Shapes of AI in Enterprise Workflows

P

Prakash Rengarajan

8 Jun, 2026

6 min read

The market is saturated with "agentic AI" claims. But most platforms treat AI as either fully autonomous or fully manual, without a clean way to move between the two. The real question is architectural: how do you make both options safe enough for regulated production, and how do you transition between them without rebuilding?

Two Shapes, One Substrate

On Ontoz, AI enters a workflow in exactly two shapes.

A Copilot is bound to a human task. It shares the task's data context — the flow instance, the current form draft, attached documents — and operates within explicit limits. The human takes the final action.

An Agentic Task is fully autonomous. No human is allocated. The agent works toward a stated objective and, when finished, its output is dispatched through the same action-mutation-rule pipeline as any human decision. The orchestrator treats both identically.

Both shapes share the same configuration surface: prompt, tools, allowed actions, hooks, guardrails, model definition. The Agentic Task adds four fields — a main objective, success criteria, a termination policy, and an escalation path. Switching from Copilot to autonomous is a configuration change, not a re-architecture.

Making It Production-Safe

A demo needs a prompt and a model. Production needs more.

Tools are typed functions with JSON schemas. The runtime validates arguments before dispatch and writes an audit entry per call. Two tiers exist: generic AI tools (search, calculator, PII redaction) and platform tools that reference Ontoz constructs by name (read flow data, invoke actions, call integrations). Platform tools are preferred because they keep behavior inside audited configuration.

Three permission layers stack, narrowest wins. Construct-level flags govern every AI on the platform. Tool catalog defaults set system-wide ceilings. Per-binding allow-lists narrow further for each specific Copilot or Agentic Task. A capability is permitted only when all three layers agree. This is runtime enforcement, not prompt-based safety.

Hooks are lifecycle interceptors — Groovy or JS functions at named extension points. Before a tool call: veto, rewrite, or redact arguments. After a tool call: sanitize results before the model sees them. On guardrail violation: retry, escalate, or terminate. Prompt guardrails live in the model's head. Hooks live in the platform's hands.

For Agentic Tasks specifically, a termination policy sets hard limits (max steps, wall-clock time, tokens) and dictates whether to fail or escalate when hit. An escalation path routes work to a fallback human task, carrying a structured summary so the human does not start from scratch.

The Capability Library

As deployments scale, patterns repeat. Ontoz addresses this with a versioned capability catalog offering two strategies.

Skills handle judgment-heavy work — where steps vary, language quality matters, and a model is genuinely useful. A Skill bundles a prompt fragment, required tools, allowed actions, few-shot examples, and hooks. Skills compose across Copilots and propagate changes via hot-reload.

Deterministic activities surfaced as tools handle rule-driven work — same inputs, same outputs, auditor-inspectable logic. Implemented as Automated Activities and exposed through a platform tool. The AI can invoke the capability but cannot influence how it runs.

A practical rubric: if the auditor would read a prompt to understand accountability, the work does not belong in a capability. It belongs in rules or process. If they would read a versioned configuration artifact with test fixtures, it belongs in the library.

Hybrid patterns are common. A fraud check uses deterministic activities for device fingerprinting and velocity checks, while a Skill handles social-media signal interpretation. The deterministic layer is auditable. The judgment layer is governed.

Why This Matters

The transition from human to AI becomes incremental. Start with a Copilot. Observe through the event log. Promote to Agentic Task with conservative limits. Tighten over time. Roll back instantly. No re-architecture required at any step.

Multi-tenant inheritance applies to AI capabilities the same way it applies to process and data. One platform installation, many markets, no duplication. Every action — human or AI — generates an immutable event, archived for compliance.

One substrate for every actor. One governance model for every actor. The only thing that changes is the configuration.

Join the Waitlist