An AI agent is a system that perceives its environment, plans a sequence of actions to achieve a goal, and executes those actions using tools or APIs — without continuous human direction at each step. Where a chatbot answers a question in a single turn, an agent performs multi-step work: reading a document, calling a search tool, writing a draft, sending an email, all in one autonomous workflow.
Agents introduce data-governance challenges that single-turn AI did not. An agent's effective access scope is the union of every tool and data source it can call — so a "read-only" agent with access to a CRM, an email account, and a document store has the practical privileges of every one of those systems combined. Lawful basis for the agent's actions becomes layered: the user's basis for the request, the organization's basis for storing the data, the third party's basis for being accessed.
Designing privacy into agentic systems requires explicit answers to questions humans rarely had to formalize: which data classifications can the agent read, write, or transmit; on whose behalf is it acting at each step; how is the audit trail maintained; what guardrails prevent it from acting on prompt-injected instructions. The Model Context Protocol (MCP) is one emerging answer to the which-data, which-tool part of that picture.
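The following is an added example, not code from the original article, showing how the design questions above can be turned into an enforceable gate in front of an agent's tool calls: each tool is labelled with the action it performs (read, write or transmit) and the most sensitive data classification it touches, each step runs on behalf of a named principal with a per-action ceiling, every decision is appended to an audit trail, and a call whose instruction originated in untrusted tool output (the prompt-injection path) may read but never write or transmit. The tool names, classification ladder and principal are constructed for the example.

```python
"""Policy gate for agent tool calls (added example, not from the article).

Tool names, classifications and the principal are constructed; the
classification ladder is an assumption, not a standard.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Classification ladder, least to most sensitive (constructed).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class Tool:
    name: str
    action: str            # "read", "write" or "transmit"
    classification: str    # most sensitive data class the tool touches


@dataclass(frozen=True)
class Principal:
    user_id: str
    ceiling: dict          # action -> highest classification permitted


@dataclass(frozen=True)
class AuditEntry:
    ts: str
    user_id: str
    tool: str
    action: str
    classification: str
    origin: str            # "user" or "tool_output"
    allowed: bool
    reason: str


@dataclass
class PolicyGate:
    tools: dict
    audit: list = field(default_factory=list)

    def effective_scope(self, principal):
        """Union of tools the agent may drive for this principal."""
        return {
            name for name, t in self.tools.items()
            if LEVELS[t.classification] <= LEVELS[principal.ceiling.get(t.action, "public")]
        }

    def decide(self, principal, tool_name, origin):
        """Allow or deny one proposed call and record the decision."""
        tool = self.tools.get(tool_name)
        if tool is None:
            return self._record(principal, tool_name, "?", "?", origin, False, "tool not registered")
        # Guardrail: text that came back from a tool is not the user's instruction,
        # so it may only trigger reads, never side effects.
        if origin == "tool_output" and tool.action != "read":
            return self._record(principal, tool.name, tool.action, tool.classification, origin,
                                False, "side effect requested by untrusted tool output")
        ceiling = principal.ceiling.get(tool.action, "public")
        if LEVELS[tool.classification] > LEVELS[ceiling]:
            return self._record(principal, tool.name, tool.action, tool.classification, origin,
                                False, f"{tool.classification} exceeds {tool.action} ceiling {ceiling}")
        return self._record(principal, tool.name, tool.action, tool.classification, origin,
                            True, "within ceiling")

    def _record(self, principal, tool, action, classification, origin, allowed, reason):
        entry = AuditEntry(datetime.now(timezone.utc).isoformat(), principal.user_id,
                           tool, action, classification, origin, allowed, reason)
        self.audit.append(entry)   # append-only trail of every decision
        return entry


# Constructed inventory: the agent is wired to a CRM, a document store and email.
TOOLS = {t.name: t for t in (
    Tool("crm.search", "read", "confidential"),
    Tool("docs.read", "read", "internal"),
    Tool("docs.write", "write", "internal"),
    Tool("email.send", "transmit", "confidential"),
)}

# Constructed principal: may read confidential data but only write and
# transmit internal data, so the agent must not email CRM content for them.
ANALYST = Principal("u-analyst", {"read": "confidential", "write": "internal", "transmit": "internal"})


def run_workflow(gate=None):
    """Drive the multi-step workflow from the text through the gate."""
    gate = gate or PolicyGate(TOOLS)
    steps = [
        ("crm.search", "user"),         # user asked for a customer lookup
        ("docs.write", "user"),         # user asked for a draft
        ("email.send", "user"),         # would transmit confidential data
        ("docs.write", "tool_output"),  # instruction found inside a fetched document
    ]
    return gate, [gate.decide(ANALYST, name, origin) for name, origin in steps]


if __name__ == "__main__":
    gate, decisions = run_workflow()
    for d in decisions:
        print(f"{d.tool:12} {d.origin:12} {'ALLOW' if d.allowed else 'DENY '} {d.reason}")
    print("effective scope:", sorted(gate.effective_scope(ANALYST)))
```

The point of `effective_scope` is the union described earlier: the agent's reach is every tool it can call, so the ceiling is applied per principal and per action rather than to the agent as a whole, and the audit entry records on whose behalf each step ran and why it was allowed or denied.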
