This panel discussion provides comprehensive insights into the infrastructure challenges and solutions required for deploying autonomous AI agents in production environments. The discussion features four industry experts: Delia from Meta (focusing on data infrastructure for recommendation systems and generative AI), Anna Berenberg from Google (Engineering Fellow responsible for cloud platform infrastructure), Barb Moses from Monte Carlo (CEO working on data and AI observability), and Chi from Microsoft Azure (Corporate VP in charge of Kubernetes and cloud-native services). The discussion begins with establishing the fundamental differences between agentic workloads and traditional software systems. Delia from Meta explains that agentic systems explore massive search spaces to find solutions, rather than executing well-engineered single solutions like traditional software. These systems require tens, hundreds, or even thousands of steps to complete tasks, fundamentally redefining concepts of reliability, latency, and security. She provides a concrete example of web navigation agents for shopping, where an agent might need to purchase multiple t-shirts of different sizes and colors from various websites with overnight shipping - demonstrating the complexity and multi-step nature of agentic workflows. The infrastructure implications are profound and multifaceted. Anna from Google highlights how traditional networking assumptions break down with agentic systems. HTTP protocols designed for millisecond request-response patterns now need to handle sessions lasting seconds or longer, requiring streaming capabilities at both protocol and application levels. Load balancing becomes problematic when a single request can utilize 100% CPU, making traditional weighted round-robin approaches ineffective. Instead, load balancing must consider queue sizes and token counts. Routing becomes particularly challenging because it needs to handle natural language inputs, forcing applications to build their own routing logic rather than relying on network-level routing. Caching strategies also require fundamental rethinking. Traditional caching becomes ineffective because AI systems generate different responses each time, necessitating semantic caching approaches. Policy enforcement becomes complex because understanding and enforcing policies requires comprehension of various protocols including OpenAI APIs, Gemini APIs, MCP (Model Control Protocol) for tools, and A28 for agents. This complexity is compounded by the distributed nature of agentic systems, where components may be deployed across different VPCs, cloud providers, and even the public internet. Security presents unique challenges in agentic environments. Chi from Microsoft Azure describes how AI agents can be exploited by malicious actors who also leverage LLMs for more sophisticated attacks. A particularly concerning example involves GitHub zero-day exploits where attackers embedded malicious prompts in GitHub issues. Users, trusting the GitHub source, would install MCP servers that subsequently exposed private repositories in public readme files. This demonstrates context poisoning attacks that are more sophisticated than traditional security threats and leverage the trust relationships inherent in development workflows. The observability and reliability challenges are equally complex. Barb Moses from Monte Carlo emphasizes that AI systems cannot be considered separately from data systems, as failures often originate from data issues rather than the AI components themselves. She identifies four core failure modes: incorrect data ingestion, code problems with downstream implications, system failures in orchestration, and model outputs that are inaccurate or unfit for purpose despite all other components functioning correctly. This requires a holistic approach to observability that spans the entire data and AI estate, including databases, data warehouses, lakehouses, ETL pipelines, orchestrations, agents, prompts, and RAG pipelines. The panel discusses how traditional concepts like health checking need complete redefinition for agentic systems. Determining whether an agent is "healthy" becomes complex when the underlying LLM might hallucinate or when malicious prompts could hijack the agent's behavior. Health checking must consider whether an agent is performing as expected, whether it's been compromised, and whether it should be failed over or taken out of service. Evaluation and testing strategies require significant evolution. Delia emphasizes the need for comprehensive evaluation frameworks across multiple difficulty levels, secure sandboxed environments for testing, and detailed instrumentation of all agent activities. Every call, trajectory, and decision point needs to be logged and traceable, including information about whether actions were initiated by humans or AI, which AI generated them, what prompts were used, and the complete step-by-step execution path. This instrumentation serves dual purposes: converting successful trajectories into training data for future agent improvements and enabling detailed debugging when issues occur. The discussion reveals that unknown unknowns dominate agentic systems, with perhaps 95% of potential issues being unpredictable compared to the typical 5-10% in traditional software projects. This necessitates comprehensive testing strategies and the assumption that anything not explicitly tested will fail. The complexity increases exponentially when considering that organizations might deploy thousands of agents, each potentially more productive than human workers and operating continuously. The human role in these systems remains critical despite the automation. While agents can handle research, summarization, and manual toil, humans maintain decision-making authority, particularly for actions with significant consequences. The panel notes strong preference for human-in-the-loop approaches, especially for corrective actions and critical decisions. This reflects a balanced approach where automation handles routine tasks while humans retain oversight for high-stakes operations. Looking forward, the panel predicts that within 12 months, agentic capabilities will become so ubiquitous that the terms "agentic" and "AI" will become implicit rather than explicit differentiators. The expectation is that intent-based configuration will finally become practical through natural language processing, transitioning from knob-based to intent-based system management. The panel also anticipates expansion beyond software to hardware applications, potentially enabling personal robotics applications. The discussion underscores that while these infrastructure challenges are significant, they should not impede the development and deployment of agentic AI systems. Instead, they require thoughtful engineering approaches that address security, reliability, and observability from the ground up. The transformation represents an exciting opportunity for infrastructure engineers to rebuild systems architecture for a new paradigm of autonomous, intelligent software agents operating at scale in production environments. This case study demonstrates the complexity of productionizing agentic AI systems and highlights the need for comprehensive LLMOps approaches that encompass infrastructure, security, observability, and human oversight. The insights from these industry leaders provide valuable guidance for organizations preparing to deploy autonomous AI agents in their production environments.