
From Chatbot to Colleague: Our New Agentic AI Whitepaper for SMEs

Tobias Jonas | 5 min read

From Chatbot to Colleague – How agentic AI makes SMEs truly capable of acting.

Following our first whitepaper “How SMEs Stay Competitive Through Generative AI” (2024), we now release its successor: an 80-page guide to the next stage of AI – agentic AI. While generative AI proved that machines can master language, agentic AI proves they can also act.

→ Download the whitepaper for free

Why a new whitepaper – and why now?

2023 to 2025 was the era of answers. We learned that AI can write, summarize and explain. Now the era of actions begins: an agent is a language model that doesn’t just answer but pursues goals – planning steps, calling tools, checking intermediate results and working until the goal is reached. The difference is the same as between a consulting conversation and a colleague who actually gets the job done.

Generative AI answers your question. Agentic AI gets your task done.

Three developments converge in 2025 and 2026 and make the leap possible right now:

  • Models that reliably use tools – modern LLMs are trained on structured function calls.
  • Open protocols – with MCP (tools), A2A (agent-to-agent), A2UI/AG-UI (interfaces) and AP2 (payments), a vendor-neutral infrastructure is emerging. What Kubernetes was for containers is now taking shape for agents.
  • Falling costs – between a cheap open-weight model and a frontier reasoning model lies a factor of more than 100×.

What you’ll find in the whitepaper

Across roughly 80 pages we walk from the technical foundation to operable architecture – concrete, practical and with diagrams.

1. Foundations: How an LLM works – and why it hallucinates

Tokenizer, next-token prediction, knowledge cutoff – the mechanics behind it so you understand why RAG and tools are the decisive levers against hallucinations. Plus our approach CompanyRAG: local files, SharePoint and Nextcloud vectorized in a GDPR-compliant way.

2. Anatomy of an agent

Five building blocks suffice to understand any agent:

  1. The goal of the user – what should be achieved
  2. The system prompt / persona – the role
  3. Context & memory – short-term (context window) and long-term (knowledge, experience, state)
  4. Tools via MCP – the agent’s “hands”
  5. The agentic loop – plan, act, observe, reflect

Including a dedicated chapter on long-running agents: how agents get through onboarding, complaint or sales processes that span days and weeks – not through a larger context window, but through explicit, durable state.

3. Skills, prompts and self-optimization

Why prompt engineering is overrated and skills are the real process asset. Plus: how an eval loop with cross-model review (Opus checks Gemini and vice versa) continuously sharpens skill libraries.

4. The protocols of the agent world

A map of the emerging standards:

  • MCP – for tools and data
  • A2A – between agents (handed to the Linux Foundation in June 2025)
  • A2UI / AG-UI – generative interfaces (from table to confirmation button)
  • AP2 / Agent Pay – when agents pay (Mastercard, Google, OpenAI)
  • OAuth 2.1 – the identity layer underneath

5. Agentic AI in practice

Three examples from our own work:

  • Cleo – the AI agent of the funeral software CleverOne, which can be operated entirely by agents through MCP. Authentication via OAuth 2.1, human-in-the-loop at irreversible steps, input from document or voice recording.
  • Agentic engineering at innFactory – a skill library powering our entire software workflow: from mandatory plan mode to parallel review agents for security, quality, performance, tests and simplification.
  • Workflows or agents? – When an n8n automation is cheaper and more predictable than an agent.

6. Autonomy as a slider

From assistive suggestions through human-in-the-loop and human-on-the-loop to headless agents. Why human-in-the-loop must be the default for regulated data – and why headless systems like OpenClaw or Hermes Agent are fascinating but ultimately “for yourself”.

7. Security: the new attack surfaces

Both current OWASP lists explained:

  • OWASP Top 10 for LLM Applications (2025) – prompt injection, excessive agency, system prompt leakage, vector & embedding weaknesses
  • OWASP Top 10 for Agentic Applications (2026) – memory poisoning, insecure inter-agent communication, cascading failures, human-agent trust exploitation, rogue agents

Plus the countermeasures that actually help: least-privilege through OAuth scopes, human-in-the-loop, allowlists for dangerous tools, treating tool outputs as data rather than commands.

8. Compliance and law

EU AI Act, ISO/IEC 42001, GDPR and § 203 StGB in healthcare – cleanly explained, with human-in-the-loop as a compliance instrument. This chapter doesn’t replace legal advice; for legally sound implementation we work with our advisory board and the specialized law firm Nörr Digitalrecht.

9. Your own AI stack: operations and cost control

Why the answer is neither an off-the-shelf Copilot nor a SaaS island, but a company-owned AI ecosystem with CompanyGPT in your Azure tenant or sovereignly on STACKIT. The biggest data-protection problem isn’t the carefully built agent – it’s the private ChatGPT on the private smartphone, shadow AI just two taps away. Plus: LLM gateway (routing, budgets) and agent gateway (costs per agent and cost center).

10. Facts, figures, recommendations

A current EU price catalogue from GPT-5 nano to Opus 4.8 – with three lessons: more than a factor of 1,000 between the cheapest and most expensive output token, output is consistently more expensive than input, and sovereignty (STACKIT/Qwen3/gpt-oss-120b) comes at a moderate price. Plus the token economics of agents: why model routing decides profitability.

Three convictions running through the whitepaper

  1. Your own stack, not shadow AI. The biggest risk isn’t the agent – it’s the private ChatGPT on the private smartphone of your employees. The answer is a company-owned AI ecosystem that takes everyone along, from intern to executive board.
  2. Human at the controls. Agentic autonomy is a slider, not a switch. For regulated processes, humans belong at the approval step – not as a brake but as a compliance instrument.
  3. Control over costs and identity. Agents consume resources and act on behalf of users. Both must be measurable, billable and traceable.

Artificial intelligence doesn’t replace companies. But companies with acting AI agents replace those that stop at the answer.

Who the whitepaper is for

Executives, CIOs, CDOs and IT leaders in SMEs and corporates. It explains the technology as far as needed for sound decisions – no more, no less.

Download now

→ Download “From Chatbot to Colleague” – Agentic AI for SMEs for free

You can find the new whitepaper alongside our previous Gen AI whitepaper on our whitepaper page. If you’d like to discuss your specific agentic AI strategy, contact us directly.

Written by Tobias Jonas, Co-CEO, M.Sc.

Tobias Jonas, M.Sc., is co-founder and Co-CEO of innFactory AI Consulting GmbH. He is a leading innovator in artificial intelligence and cloud computing. As co-founder of innFactory GmbH, he has successfully led hundreds of AI and cloud projects and established the company as an important player in the German IT sector. Tobias always has his finger on the pulse: he recognized the potential of AI agents early on and organized one of the first meetups in Germany on the topic. He also pointed to the MCP protocol within the first month after its release and informed his followers about the Agentic AI Foundation on the day it was founded. Alongside his managing director roles, Tobias Jonas is active in various professional and business associations, including the KI Bundesverband and the digital committee of the IHK München und Oberbayern, and leads practice-oriented AI and cloud projects at the Technische Hochschule Rosenheim. As a keynote speaker, he shares his expertise on AI and conveys complex technological concepts in an understandable way.
