A CFO does not need one all-knowing chatbot sitting on top of the company. She needs one agent that can triage invoice exceptions, another that can chase missing purchase orders, another that can draft variance notes, and a controller who can see every action before money moves.

That is the difference between AI assistance and business automation.

The pattern is already visible in mid-market operations: the generic chatbot is a useful interface, but it is a poor unit of operational design. It can answer a question about a refund policy. It can summarize a customer thread. It can sometimes call a tool. Real automation asks for something less glamorous and more durable: an agent shaped around a specific job, with the right systems, policies, approvals, traces, and tests built in from day one.

Agent work inside companies should not become one giant assistant with every tool installed. It should become a portfolio of smaller agents, each responsible for a defined slice of work.

The Chatbot Is the Wrong Boundary

The generic assistant became the default mental model because it is easy to buy and easy to try. Give it access to documents, connect a few apps, and ask it to help. For personal productivity, that is often enough.

For operations, it breaks at the boundary where work becomes accountable.

Consider a support workflow. A customer asks for a refund, mentions a shipment delay, threatens to cancel, and attaches a screenshot from a legacy portal. A generic assistant can draft a reply. A workflow agent needs to classify the issue, retrieve the order, inspect policy by region and customer tier, decide whether the refund is allowed, create an approval task if it is not, update the ticket, cite the evidence, and avoid touching payment systems unless the approval path says it can.

Those are different products.

OpenAI's Practical Guide to Building Agents makes this distinction plainly: agents are systems that can execute workflows on a user's behalf with tools, instructions, decisions, and guardrails. The same guide advises teams to look for workflows with complex decisions, hard-to-maintain rules, and unstructured data. That is almost exactly the mid-market automation backlog: support exceptions, invoice mismatches, quote desk back-and-forth, onboarding paperwork, compliance intake, and CRM hygiene.

The chatbot boundary says: "What can this assistant answer?"

The workflow boundary says: "What job can this agent complete safely?"

That second question is the one operators can fund, measure, and govern.

Context Stuffing Is Not an Operating Model

Many agent projects try to solve integration by inflating context. Add more tools. Add more documents. Add more skills. Add more instructions. Keep pouring company knowledge into one general-purpose agent until it can supposedly do everything.

That works for demos longer than it works for operations.

The Model Context Protocol helps with integration because it gives AI applications a common way to connect to external systems, including files, databases, tools, and workflows. It reduces the custom connector burden. It also makes it easier for tools to travel across clients.

But a tool catalog is not the same as a workflow owner.

If one assistant has Gmail, Salesforce, NetSuite, Slack, Google Drive, browser control, data warehouse queries, and a pile of skills, the business still has to answer hard questions:

  • Which tool is allowed for this case?
  • Which customer records can be read?
  • Which action requires approval?
  • Which policy wins when two documents disagree?
  • Which step should stop the run?
  • Which failure becomes a regression test?
  • Which operator owns the queue when the agent gets stuck?

MCP helps expose capability. Domain-specific agents decide how that capability is used.

Anthropic's Building Effective Agents gives buyers a useful filter. It points teams toward simple, composable patterns: prompt chaining, routing, parallel checks, orchestrator-worker designs, evaluator loops, and agents that get ground truth from the environment. It also warns that agentic systems trade cost and latency for better task performance, so added complexity should earn its keep.

That is the right posture for a portfolio company. Do not buy complexity because it looks advanced. Add it where the workflow pays for it.

What a Domain-Specific Agent Actually Is

A domain-specific agent is not just a prompt with a department name at the top.

It is a bounded worker with:

  • A defined job, such as "triage invoice exceptions under $25,000."
  • A narrow toolset, such as ERP lookup, purchase order retrieval, vendor master search, and task creation.
  • Workflow-specific instructions generated from SOPs, policies, and examples.
  • Permission rules that match the job rather than the whole employee profile.
  • State and memory limited to the case or queue it owns.
  • Stop conditions, escalation rules, and approval gates.
  • Traces that show what it saw, what it did, and why.
  • Evals based on real historical cases and production failures.

That agent may be called from chat. It may be one node in a larger orchestration. It may be a tool used by a manager agent. The interface matters less than the boundary.

The OpenAI Agents SDK formalizes many of these pieces: agents with instructions and tools, handoffs between agents, guardrails, sessions, human review, tracing, and MCP tool calling. The detail worth noticing is the operating model: managed runs, scoped tools, handoffs, guardrails, and traceable execution instead of one model with everything.

Claude Code's custom subagents show the same pattern in software work: a subagent can have its own context window, prompt, tool access, and permissions. Business workflows need that boundary. The finance agent should not carry the support queue. The support agent should not carry the GDPR memo unless the case needs it. The GDPR agent should not have write access to the CRM.

Small boundaries are not a limitation. They are the control surface.

Why Custom Workflow Agents Beat Generic Chatbots

For mid-market companies, the advantage is practical.

First, narrower agents reduce waste. A refund agent does not need the full company handbook, every sales deck, and every spreadsheet in the drive. It needs policy, account status, order history, refund tooling, approval rules, and a set of examples. Smaller context means lower cost, less confusion, easier testing, and a clearer route to smaller models for simpler steps.

Second, permissions become easier to reason about. OWASP lists excessive agency as a top LLM application risk because systems often give models too much ability to act, too much access to data, or too much room to chain actions. A domain-specific agent can be restricted to the authority its workflow needs. The invoice triage agent can read the vendor file and create a review task. It does not need permission to approve payment, change bank details, or message every employee.

Third, evals get sharper. A generic assistant has a vague success target: be helpful across many tasks. A workflow agent has cases. Did it route this refund correctly? Did it flag the duplicate invoice? Did it update the CRM field once? Did it ask for human approval above the threshold? This is where every production failure should become an eval case. The narrower the job, the easier it is to define pass and fail.

Fourth, observability becomes meaningful. A trace from a general assistant can be a long mix of unrelated tasks, documents, and tool calls. A trace from a domain-specific agent has a known path: classify, retrieve, decide, act, verify, hand off. That makes debugging faster and management reporting cleaner.

Fifth, ownership becomes clear. A "company AI assistant" belongs to everyone and therefore often belongs to no one. A quote desk agent belongs to revenue operations. A ticket resolution agent belongs to support operations. An invoice exception agent belongs to finance. The business owner can review weekly evals, approve policy changes, and decide what the agent may do next.

The Right Shape Is a Team, Not a Giant Prompt

The better pattern is composition. Instead of one general agent with more context bolted on, use a group of small agents that coordinate.

In business terms, the coordinator handles routing and synthesis. Specialist agents do the work they are built for.

A customer renewal workflow might look like this:

Agent Job Tools Human checkpoint
Renewal coordinator Own the case and route work CRM, task system, policy index Before customer-facing offer
Account research agent Summarize usage, tickets, and contract terms CRM, product analytics, support system None for read-only summary
Pricing agent Apply discount and margin rules Pricing tables, approval policy Required above discount threshold
Legal intake agent Flag non-standard terms Contract repository, clause library Required on risky clauses
Drafting agent Prepare the renewal email Email draft tool, approved templates Required before send

No single agent needs every tool. No single prompt needs every policy. Each specialist can be tested against its own historical cases, and the coordinator can be tested on routing and handoffs.

Open protocols reinforce that operating model. Google's Agent2Agent announcement frames A2A as a way for agents across vendors and frameworks to communicate, exchange information, and coordinate actions. MCP connects agents to tools and data. A2A aims at agent-to-agent coordination. The operating lesson is bigger than either protocol: if agents are going to run business processes, they need clean interfaces with each other, not just bigger prompts.

Where Generic AI Still Belongs

This is not an argument to remove generic assistants. They are useful for research, drafting, brainstorming, summarization, and ad hoc analysis. They are especially useful before a workflow is understood well enough to automate.

But generic tools should not be confused with process infrastructure.

Use a generic assistant to explore the problem:

  • What types of support tickets are rising?
  • Which invoice exceptions are most common?
  • What fields are missing in CRM records?
  • Which policy documents conflict?

Use a domain-specific agent when the pattern is clear enough to own:

  • Route shipping refund requests under a defined policy.
  • Match invoices to purchase orders and receipts.
  • Draft quote packages from approved pricing rules.
  • Extract contract obligations with citations.
  • Update CRM records from inbound emails with confidence scoring.

The move from assistant to agent should be a promotion. The workflow earns automation by proving volume, repeatability, measurable outcomes, and acceptable risk.

How to Pick the First Workflow

The best first domain-specific agent is rarely the most impressive one. It is the workflow where constraints are clear and the queue is painful.

Score candidates on six questions:

  1. Is there enough volume to matter?
  2. Are the inputs messy enough that rules alone struggle?
  3. Are the business rules written down or recoverable from examples?
  4. Are the tools accessible through APIs, MCP servers, browser automation, or exports?
  5. Can the outcome be scored?
  6. Can risk be bounded through read-only mode, approval gates, spending limits, or phased rollout?

Support refund triage is a good starting point because cases are frequent, policies exist, and outcomes can be reviewed. Invoice exception handling is strong because the target is concrete: match, flag, route, or hold. RevOps cleanup can work when the company has a small set of trusted sources and clear field rules. Compliance intake works when the agent's job is to collect, classify, cite, and prepare review packets rather than make final legal decisions.

Avoid starting with work where the desired outcome is political, undefined, or different for every manager. Agents amplify ambiguity. They do not fix it.

Once a workflow is selected, design the agent like a production worker:

  • Write the job description.
  • List allowed tools.
  • List forbidden actions.
  • Translate SOPs into executable instructions.
  • Define human review points.
  • Build a golden set of historical cases.
  • Run evals before launch.
  • Capture traces from day one.
  • Add failures back into the suite each week.

That is how the agent becomes an owned operating asset rather than an experiment.

Where OpenNash Fits

OpenNash builds this layer for mid-market and private-equity-backed companies that need AI automation to survive contact with real queues.

We do not start by asking which chatbot the company likes. We start with the workflow: where work enters, which systems matter, which rules control action, which exceptions need humans, and how success will be proven. From there, the build becomes concrete:

  • Map the queue and choose the first domain-specific agent.
  • Convert SOPs, policies, examples, and edge cases into agent instructions.
  • Build the connector layer through APIs, MCP, browser automation, or controlled exports.
  • Scope permissions to the workflow rather than the whole employee.
  • Add human review where authority, money, legal risk, or customer trust requires it.
  • Create evals from historical cases and known failures.
  • Deploy with traces, dashboards, and weekly review loops.

This pairs naturally with Harbor-style agent evals and the failure feedback loop we use after launch. A domain-specific agent without evals is just a narrower demo. A domain-specific agent with evals, traces, approvals, and an owner is process infrastructure.

The goal is not to make the chatbot smarter by piling more company context into it. The goal is to move work into smaller, testable, governed agents that know exactly what job they own.

If your company is trying to automate support, finance, sales operations, or compliance work and the current plan is "connect everything to a generic assistant," pause before the tool pile gets expensive. Book a call and we will help you identify the first workflow that deserves its own agent.