The problem with applying traditional SLOs to AI agents
SLOs work beautifully when "good" is observable.
An API either returns 200 or it doesn't. Latency is measurable. Availability is binary. You instrument, you baseline, you commit to a number, and you burn down an error budget when reality diverges.
AI agents break every one of these assumptions.
After a quarter of running agentic systems against production infrastructure, here are the three failure modes I keep running into when teams apply traditional SLO thinking to agents.
Failure mode 1: Correctness is not observable at the response layer
A REST service fails loudly. A 500, a timeout, a malformed payload — your existing observability catches it.
An agent can produce a response that:
- Parses correctly
- Passes schema validation
- Triggers no alerts
...and still be wrong in a way that compounds silently for hours.
Traditional error rate SLOs have zero visibility into this. Your dashboards stay green. The blast radius is growing.
What to do instead: Add a behavioral correctness signal. For every agent decision class, define a human-reviewable sample rate and track the delta between agent judgment and human override. That delta is data. It belongs in your SLO.
Failure mode 2: Latency SLOs punish safe agent behavior
A p99 latency SLO makes perfect sense for a stateless service.
It is actively dangerous for an agent.
Agents that pause to verify context, escalate ambiguous decisions to a human, or refuse to act on a poisoned tool output are doing exactly what you want them to do. A latency SLO penalizes them for it.
If you optimize against a latency target, you are implicitly optimizing for speed over safety. In agentic systems, that's how you get silent degradation and runbook violations at 2am.
What to do instead: Track decision latency distribution separately from response latency. Escalation paths should be excluded from latency SLO calculations or governed by a separate, explicitly higher target.
Failure mode 3: You cannot commit to a number you haven't earned
This one keeps coming up in conversations with other SRE leads.
Teams instrument an agent, run it for a week, and immediately try to commit to a 99.5% reliability target. Then they burn their error budget in the first real incident because the baseline was built on demo traffic.
Rule I enforce on my team: Minimum 30-day behavioral baseline before any agentic SLO is ratified. No exceptions. The baseline must cover:
- Tool failure scenarios
- Context window edge cases
- At least one simulated prompt drift event
- Real production traffic, not synthetic load
You cannot reliability-engineer what you have not yet measured.
What an agentic SLO actually looks like
After iterating on this for a quarter, I'm building agentic SLOs around three signal types that traditional SLOs don't capture:
Signal 1: Human Escalation Rate (HER)
HER = (decisions requiring human override) / (total agent decisions) × 100
This is your canary metric. Rising HER is often the first observable signal of:
- Model drift
- Context degradation
- Prompt decay
- Tool output poisoning
Set a threshold. Wire it to your on-call rotation. Page on it.
My current target: HER ≤ 8% over any 24-hour rolling window
Signal 2: Decision confidence distribution
Don't track a single average confidence score. Track the distribution.
When an agent is operating normally, confidence tends to be bimodal — high confidence on routine decisions, lower on edge cases. When the distribution collapses from bimodal to flat, something has shifted in the agent's environment.
That shift may not produce errors yet. But it will.
My current target: Decision confidence p10 ≥ 0.65
Signal 3: Blast radius exposure rate
BRER = (HIGH + CRITICAL tier changes per hour)
You can have a green error rate and a dangerous blast radius exposure rate at the same time.
This metric captures risk velocity — how fast your agent is accumulating unreversed high-impact changes. It belongs in your SLO alongside uptime.
My current target: CRITICAL tier changes ≤ 2/hour without explicit approval gate
The SLO I'm piloting
agent_slo:
baseline_period: 30d
signals:
human_escalation_rate:
threshold: "≤ 8%"
window: "24h rolling"
alert: page_on_call
decision_confidence_p10:
threshold: "≥ 0.65"
window: "1h rolling"
alert: warn
critical_blast_radius_rate:
threshold: "≤ 2/hour"
gate: explicit_approval_required
error_budget:
calculated_from: [HER, confidence_p10, blast_radius_rate]
not_from: [uptime, latency]
review_cadence: weekly_baseline_review
The mindset shift
Traditional SLO: Is the system up?
Agentic SLO: Is the system trustworthy?
These are not the same question. Uptime is necessary but not sufficient. An agent can be 100% available and producing wrong decisions at scale.
The SRE community has the tooling, the culture, and the postmortem discipline to solve this. But we have to resist the temptation to copy-paste our existing SLO playbook onto a fundamentally different kind of system.
What's next
In the next post in this series, I'll walk through how I'm wiring these signals into OpenTelemetry alongside the decision-lineage layer from my previous MCP observability write-up — so a single trace can answer both "what happened" and "why the agent decided to do it."
If you're running agentic AI against production infrastructure and have built your own reliability signals, I'd genuinely like to hear what you're measuring. Drop it in the comments.
This post is part of an ongoing series on AI-SRE: applying production reliability engineering principles to agentic AI systems in regulated cloud-native environments.
Linkedin url https://www.linkedin.com/posts/ajay-devineni_sre-agenticai-reliability-ugcPost-7452416001553567744-BPgq?utm_source=share&utm_medium=member_desktop&rcm=ACoAACIp55QBRGVmAcEbf0D-1PaR5vEbm2yMcJU
Top comments (0)