← Back to writing

Multi-agent AI systems fail at the handoff, not the model

When a multi-agent system fails in production, the model is almost never the cause. It breaks at the seam between agents: the handoff, where one agent passes work to the next. The fix is to stop treating the handoff as an implicit "pass the conversation along" step and start engineering it, with a single task owner, a typed handoff payload, and a hard budget on how many times work can bounce before a supervisor stops it.

Teams have spent a year making individual agents smarter, and the reliability problem simply moved. Once you split a workflow across a triage agent, a billing agent, and a refunds agent, the interesting failures happen in the space between them, and that space is usually undesigned.

The failure lives in the seams, not the agents

A single agent with good tools is a well-understood object. It reads context, calls a tool, reads the result, and answers, and most of its reliability work lives in the tool layer, a separate problem covered in why your AI agent fails on tools, not the model.

A multi-agent system adds a surface a single agent never had: the transfer of control and context from one agent to another. Each transfer is a small distributed-systems problem. Who owns the task now? What state moved across, and what got dropped? What if the receiving agent decides the work belongs back where it came from? None of those questions have an answer unless you wrote one, and the default answer is "pass the whole message history and hope." The demo runs the happy path where every handoff goes forward exactly once; real traffic has ambiguous cases that sit on the boundary between two agents, and that is precisely where an undesigned handoff loops or loses information.

The three ways handoffs break in production

No single owner: the ping-pong loop

The most expensive failure is a task that no agent owns. A ticket lands in the billing agent, which decides it is really a refund question and hands to refunds, which decides it needs the original charge details and hands back. Neither agent is wrong on its own; together they form a loop that replans forever because ownership is never fixed. Each hop costs a full model call, so a question a human would resolve in ten seconds can run for thirty rounds and a few dollars before it times out. Nobody wrote the rule "the agent holding the task keeps it until it is done or escalated," and without that rule, two agents with slightly conflicting instructions trade the same task back and forth indefinitely.

Context lost or bloated at transfer

The opposite failures both hurt. Pass too little (just "handle this refund") and the receiving agent has lost the plan tier, the ticket history, and the reason for the transfer, so it guesses or asks the user to repeat themselves. Pass everything (the entire raw conversation plus every prior agent's scratch work) and it drowns in irrelevant context while latency and cost climb. Uncontrolled context transfer is the same class of problem that makes agent memory degrade over time, covered in why your AI agent's memory rots in production.

No budget, no circuit breaker

A single agent naturally terminates: it answers and stops. A multi-agent system has no natural stopping point, because any agent can always hand to another. Without an explicit turn budget, a confused system does not fail loudly; it fails slowly, burning tokens on an internal argument until a request timeout kills it. You find out from the bill or a customer complaint, not from an alert.

Design the handoff as a contract

The pattern that holds up is to treat every handoff as an engineered interface with four properties. None require a smarter model; they are architecture you own.

One owner at a time: a baton, not a committee

At any moment, exactly one agent owns the task. A handoff transfers the baton; it does not open a debate. The cleanest way to enforce this is an orchestrator (a supervisor agent or a plain state machine) that holds the task and calls sub-agents as functions, rather than letting peer agents hand directly to each other. A sub-agent returns a result to the orchestrator; it cannot re-route the task itself. That single change removes most ping-pong loops, because a worker can no longer bounce a task sideways. It can only finish or report back.

A typed handoff payload: what and why

Do not pass the raw conversation. Pass a small structured object with exactly what the next step needs plus the reason for the transfer: for a support workflow, the customer id, the plan tier, the resolved intent, the specific question, and a one-line reason like "billing determined this is a refund eligibility question." A typed payload keeps the receiving agent focused and makes the handoff auditable, because the reason is now data you can read later. It is the same discipline as validating a tool call before you run it, applied to the seam between agents.

A turn budget and a supervisor that can stop

Give the whole task a hard cap: a maximum number of handoffs or total agent turns, plus a wall-clock and token budget. When it is exhausted, the supervisor does not hand off again. It stops and takes a defined fallback: escalate to a human, return a safe partial answer, or ask one clarifying question. A cap of five to seven hops covers almost every legitimate workflow while turning a runaway loop into a bounded, observable event. For actions that touch money or customer data, the supervisor should also route through an approval step, which pairs well with human-in-the-loop approval for AI agents that take real actions.

Log every handoff at the seam

Instrument the transfer itself. Every handoff should emit a record with the from-agent, to-agent, reason, and hop count. With that one log line, a ping-pong loop shows up as a sawtooth in a trace instead of an unexplained slow response. Observability at the seam turns a silent multi-agent failure into a debuggable one, and it is a different signal from an eval score, a distinction we drew in observability isn't evals.

A worked example: support automation that stopped looping

Consider an illustrative B2B SaaS support automation with three agents: a triage agent, a billing agent, and a refunds agent. The numbers below are synthetic, chosen to show the shape of the problem.

The failing version let the agents hand off to each other directly. A ticket reading "why did my plan renew when I thought I cancelled" was genuinely ambiguous: partly a billing question (what was charged and when) and partly a refunds question (is the customer owed money). Triage sent it to billing, billing handed to refunds, refunds needed the charge timeline and handed back, and the two looped. About one in twenty tickets hit this pattern, averaging eleven agent calls before the request timed out at sixty seconds, and the user got nothing.

The fix changed no prompts and swapped no models. Triage became a supervisor that owns the task for its whole life and calls billing and refunds as workers that return structured findings and cannot re-route. Each handoff carries a typed payload (customer id, plan tier, the specific sub-question, and the reason) instead of the raw thread. A budget caps the task at six worker calls; on exhaustion the supervisor escalates to a human with everything it gathered. Looping tickets went to zero, because a worker can no longer hand a task sideways. The renewal ticket now resolves in two calls: billing returns the charge timeline, refunds returns the eligibility decision, and the supervisor composes the answer.

When you should not run multiple agents

The most reliable multi-agent system is often no multi-agent system. Reasoning models have absorbed a lot of the planning teams used to split across agents, so many workflows that look like they need a crew are better served by one capable agent with good tools, a case we made in full in when to collapse a multi-step agent into one reasoning call. Every handoff you remove is a seam you no longer have to make reliable.

Multiple agents earn their keep when there is a real reason to separate them: distinct permission boundaries (a refunds agent that can move money should be isolated from an agent reading untrusted user input, which also limits blast radius from prompt injection), genuinely parallel work that fans out and rejoins, or very different tools and context per role. If the split is only "it felt cleaner," collapse it and keep the reliability budget.

A short checklist before you ship

Before a multi-agent feature goes to real users, confirm the seams are engineered, not assumed:

  • Exactly one agent owns the task at any moment, and workers cannot re-route it.
  • Handoffs carry a typed payload with the reason for transfer, not the raw conversation.
  • There is a hard cap on hops, turns, wall-clock, and tokens, with a defined fallback when it trips.
  • Every handoff is logged with from, to, reason, and hop count.
  • Money-touching or data-touching actions route through an approval step.
  • You have asked whether one agent with tools would do the same job with fewer seams.

Most multi-agent reliability work is unglamorous plumbing at the boundaries, which is exactly why it gets skipped. The teams whose agents survive contact with production are not the ones with the smartest agents; they are the ones who designed the space between them. For the wider set of production practices this fits into, see the AI engineering playbook, and to size the cost of a looping workflow, the AI cost calculator makes the per-call math concrete.

FAQ

Why do multi-agent AI systems fail more than single agents?

They add a failure surface a single agent does not have: the handoff between agents. Control and context transfer at each boundary, and if those boundaries are undesigned, tasks loop between agents, context gets lost or bloated, and nothing enforces a stopping point. The individual agents can be perfectly good while the system is unreliable.

What is a handoff in a multi-agent system?

A handoff is the moment one agent passes a task to another. It should transfer three things explicitly: ownership of the task, a small typed payload of just what the next agent needs, and the reason for the transfer. When a handoff passes only "the conversation so far," those three things are implicit, which is where reliability breaks.

How do you stop agents from looping?

Use an orchestrator that owns the task and calls other agents as workers that return results and cannot re-route, so work can only move forward or come back, never sideways. Add a hard cap on total hops or turns, and when the cap trips, stop and take a defined fallback such as escalating to a human instead of handing off again.

Get shipped

Rather we just build it?

Book a free scoping call and we'll ship your production-safe AI feature this week.