
Agentic AI keeps tripping Big Tech. Your plant cannot afford the same rollout

Julian Zur-Lienen | 4 min read

Recent headlines show a pattern. An internal AI agent advised an engineer to make a change. Sensitive data was exposed to staff for hours. Other large US tech firms admit outages and sloppy code tied to fast AI rollouts.

They can absorb the drama. You cannot. A plant that mis-schedules, mis-prices, or ships on a bad spec pays in real cash.

The lesson is simple. Agentic AI creates a new class of error. It moves confidently without the long-term context your best people carry in their heads.

What actually goes wrong with agents

Engineers talk about context windows. An agent remembers a slice of instructions, then drops them. It follows a local goal and ignores the wider system. That is how you get an elegant answer that violates a core rule.

Two other patterns show up again and again.

  • Over-permissioning. The bot is given broad access because it needs to “help everywhere”. One bad step touches live data.
  • Experimenting at scale. Change control is skipped in the rush. A lab idea lands in production.

None of this is exotic. It is normal in early deployments. In a factory, normal is not good enough.

The manufacturing risk profile is different

Software firms recover from a bad push with a patch and a post-mortem. Plants live in the physical world.

  • An agent tweaks a routing. WIP backs up for a shift.
  • A purchasing bot accepts the wrong MOQ. You tie up cash and fill the warehouse with the wrong part.
  • A planner bot flips a constraint. Customer orders slip and the line works weekends.
  • A quality bot shares PII in a supplier ticket. You now have a breach under EU law.

That changes how you deploy. You need speed with scaffolding.

A safer operating model for AI on the shopfloor

Start small. Assume failure. Contain blast radius. Build from there.

  1. Shadow mode first. Run agents read-only against mirrors of production data. Compare proposed actions to what a human actually did. Keep it in shadow for at least two weeks of real variation.

  2. Minimum viable permissions. Create service accounts with least privilege. Scope by table, field, and action. No write access to ERP, MES, QMS, or PLCs until a go or no-go review.

  3. Human in the loop by default. Name the owner who approves any action that writes or sends anything outside the company. Use structured forms and work orders. Do not accept free-text prompts as authorization.

  4. Change control and rollback. Treat agent actions like code. Ticket, diff, approval, and a tested rollback plan. Add a kill switch that a shift lead can use without calling IT.

  5. Data minimisation and redaction. Feed the agent only what it needs. Strip PII and commercial terms from prompts. Route prompts and responses through a policy engine that blocks sensitive patterns.

  6. Guardrails as contracts. Write hard invariants the agent cannot cross. Do not change routings without a simulated pass rate on the digital twin. Do not send a PO below last-agreed price. Do not expose any personal data in external messages.

  7. Monitoring and audit. Log every prompt, action, and system touch in an immutable store. Alert on unusual volumes or destinations. Review incidents weekly like safety near-misses.

  8. Sovereign stack. Keep data and models under EU jurisdiction. US law can compel access to data held by US companies even inside the EU. Physical location is not the same as legal control. Choose EU-native vendors so your compliance rests on EU law alone.

Follow these eight and your first agent will be boring. Boring is good. Boring ships.
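A minimal sketch of how steps 2 to 7 can sit in one gate between the agent and the systems it touches. This is an added example, not EUnexia's code. The system, table and part names, the e-mail-only PII pattern and the in-memory hash-chained log are assumptions made for illustration.

```python
import hashlib, json, re
from dataclasses import dataclass, field
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")  # constructed pattern: e-mail addresses only

@dataclass
class Gate:
    scopes: set                 # allowed (system, table, op) triples for the agent's service account
    last_price: dict            # part -> last-agreed unit price
    kill_switch: bool = False   # step 4: flipped by the shift lead
    log: list = field(default_factory=list)

    def _audit(self, action, verdict, reason):  # step 7: tamper-evident chain, not write-once storage
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        body = json.dumps({"action": action, "verdict": verdict, "reason": reason, "prev": prev}, sort_keys=True)
        self.log.append({"body": body, "hash": hashlib.sha256(body.encode()).hexdigest()})
        return verdict

    def decide(self, a, approved_by=None):
        if self.kill_switch:
            return self._audit(a, "deny", "kill switch engaged")
        if (a["system"], a["table"], a["op"]) not in self.scopes:        # step 2
            return self._audit(a, "deny", "outside service-account scope")
        if a["op"] == "send_po" and a["unit_price"] < self.last_price.get(a["part"], float("inf")):
            return self._audit(a, "deny", "PO below last-agreed price, or no price on record")  # step 6
        if a.get("external") and EMAIL.search(a.get("text", "")):         # steps 5 and 6
            return self._audit(a, "deny", "personal data in external message")
        if (a["op"] != "read" or a.get("external")) and not approved_by:  # step 3
            return self._audit(a, "hold", "needs a named approver")
        return self._audit(a, "allow", "ok")

    def chain_intact(self):
        prev = "0" * 64
        for rec in self.log:
            if json.loads(rec["body"])["prev"] != prev or hashlib.sha256(rec["body"].encode()).hexdigest() != rec["hash"]:
                return False
            prev = rec["hash"]
        return True

def run_demo():
    # Constructed sample actions; system, table and part names are hypothetical.
    gate = Gate(scopes={("erp", "po", "send_po"), ("mes", "routing", "read"), ("qms", "ticket", "send")},
                last_price={"P-100": 4.20})
    po = {"system": "erp", "table": "po", "op": "send_po", "part": "P-100", "unit_price": 4.20, "external": True}
    ticket = {"system": "qms", "table": "ticket", "op": "send", "external": True, "text": "contact jane.doe@example.com"}
    out = [gate.decide({"system": "mes", "table": "routing", "op": "read"}),
           gate.decide({"system": "mes", "table": "routing", "op": "write"}), gate.decide(dict(po, unit_price=3.90)),
           gate.decide(po), gate.decide(po, approved_by="buyer-on-shift"), gate.decide(ticket)]
    gate.kill_switch = True
    return out + [gate.decide(po, approved_by="buyer-on-shift")], gate
```

The order of checks matters: the kill switch and scope checks run before any approval is considered, so a named approver cannot override an invariant.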

Where agents help today without drama

Narrow scope beats heroics. Focus on copilots and suggestions inside existing workflows.

  • Maintenance. Summarise logs, propose next diagnostic steps, draft work orders.
  • Planning. Flag demand-supply mismatches and propose constraint-aware swaps, without auto-commit.
  • Quality. Classify deviations, suggest containments, draft 8D text for review.
  • Documents. Search and extract from specs, MSDS, and contracts with source links.

All of these deliver time back to operators. None of them let a bot run free in production.

Start this week

  • Inventory high-risk systems. ERP, MES, QMS, CRM, email gateways. Mark what holds PII or customer terms.
  • Pick one workflow with clear boundaries. Aim for a 30-minute daily task you can observe.
  • Set up a read-only pilot with approval gates, logging, and a kill switch. Define exit criteria tied to error rate and cycle time.

Speed comes from design, not bravado. Build the scaffolding and you will move faster than the companies lurching from incident to incident.

Want a 60-minute AI risk walkthrough tailored to your plant, using an EU-only stack and EU law as the guardrail? Talk to EUnexia. We help European SMEs move from idea to safe execution without handing sovereignty to someone else.

Julian Zur-Lienen

Co-Founder EUnexia