The last generation of support bots optimized for deflection — keeping a customer away from a human — and customers learned to hate them. An agent that resolves is a different animal: it can actually look up an order, apply a credit, reset an entitlement, and confirm the fix, or hand off cleanly when it cannot. This is how we build support agents that raise resolution rates and satisfaction at the same time, instead of trading one for the other.
Deflection versus resolution is a design choice
A deflection bot answers with information and hopes the customer goes away. A resolution agent takes action to close the issue — it has tools, it uses them, and it verifies the outcome. The distinction shows up immediately in your metrics: deflection bots optimize 'tickets avoided,' while resolution agents optimize 'issues actually resolved without a human,' which is the number that correlates with satisfaction.
This reframing changes the whole architecture. You are no longer building a smarter FAQ; you are building an agent with scoped access to your operational systems, guardrails around what it may do, and a clean escalation path for everything else. The model is the easy part. The tools, permissions, and escalation logic are the work.
Ground every answer, cite every source
The fastest way to destroy trust is a confidently wrong answer about a customer's account or your policy. Ground the agent with RAG over your approved help center, policy documents, and product documentation, and require that informational answers cite their source. An answer the agent cannot ground should become 'let me get someone who can help,' not an invented plausible-sounding paragraph.
Keep the knowledge fresh with incremental ingestion so a policy change propagates to the agent the same day, and mark superseded content inactive so the agent never quotes last year's return policy. In our experience, a support agent that occasionally says 'I don't have that information' is far more valuable than one that never admits a gap — customers forgive uncertainty, they do not forgive being misled.
- Retrieve from approved, versioned content only — no answering from the base model's memory.
- Require citations on informational answers so agents (human and AI) can verify.
- Refuse or escalate rather than fabricate when grounding fails.
Give it real tools, scoped tightly
Resolution requires action, which means tools: look up order status, check subscription state, issue a refund up to a limit, reset a password, update a shipping address. Expose these through a well-defined interface — increasingly an MCP server — with strict input schemas so a malformed argument is rejected rather than coerced into something dangerous.
Scope aggressively by risk. Read-only lookups can run freely. Low-risk, reversible actions (resend a receipt, update a non-sensitive field) can run autonomously. Anything with financial or security consequence — a large refund, a plan change, a data deletion — routes through an approval step or a human. Propagate the customer's identity so the agent only ever touches that customer's data, never another account's.
Escalate like a great agent, not a dead end
The measure of a good support agent is not that it never escalates; it is that it escalates well. Detect the signals that warrant a human early — an angry or distressed customer, a request outside scope, repeated failed attempts, an edge case the agent is unsure about — and hand off before frustration builds, not after three loops of the same unhelpful reply.
Make the handoff seamless. Pass the human the full context: the conversation, what the agent already tried, the relevant account data, and its best guess at the issue. Nothing enrages a customer more than repeating everything to a human after the bot wasted their time. Done right, the agent does the tedious context-gathering and the human starts the conversation already informed.
- Escalate on sentiment, out-of-scope requests, repeated failures, and low confidence.
- Hand the human a full summary: transcript, actions attempted, account context, likely cause.
- Never trap the customer in a loop — a clean early handoff beats a stubborn bot.
Guardrails, safety, and abuse resistance
A public-facing agent with tools is an attack surface. Assume users will try prompt injection to make it break policy, reveal system instructions, or misuse a tool. Validate and sanitize every tool argument, never pass model output straight into a query or shell, and put hard business limits in code, not in the prompt — a refund cap enforced by the model is a suggestion; a refund cap enforced by the tool is a control.
Add topic and safety boundaries so the agent stays in its lane, declines off-topic or manipulative requests gracefully, and never discloses another customer's data. Log every action with the customer identity, arguments, and result so an incident is reconstructable. These controls are not optional polish; they are what stands between a helpful agent and a headline.
Measure resolution, and improve on real failures
Instrument the outcomes that matter: genuine resolution rate (issue closed without a human), escalation rate and reasons, customer satisfaction on agent-handled contacts, and time to resolution. Track grounding and citation accuracy separately so you know whether a bad answer came from retrieval or generation. Watch for the tell-tale failure signal of repeated reformulations, which usually means the first answer missed.
Feed real failures back into an evaluation suite and run it on every prompt, tool, or model change so a well-meaning tweak cannot quietly regress five other flows. Roll changes out behind a flag to a fraction of traffic first and watch the dashboards. A support agent touches your customers directly, so a staged rollout with fast rollback is worth more than any amount of pre-launch confidence.
A staged rollout that earns trust
Do not switch a resolution agent on across all channels on day one. Start it in a suggest-to-agent mode where it drafts responses and proposes actions for a human support rep to approve, which both protects customers and generates a labeled dataset of good and bad suggestions. Graduate to autonomous handling of your lowest-risk, highest-volume issue types once the metrics justify it, then widen scope deliberately.
This sequencing mirrors how you would onboard a human hire: supervised first, autonomous on the easy stuff once trusted, escalating the hard stuff throughout. It is slower than flipping a switch, and it is the difference between an agent your support team defends and one they route around.
Key takeaways
- 1.Optimize for genuine resolution, not deflection — the agent needs tools and must verify outcomes.
- 2.Ground every answer in approved, versioned content with citations; refuse or escalate rather than fabricate.
- 3.Give the agent tightly scoped tools, enforce hard limits in code not prompts, and propagate customer identity.
- 4.Escalate well: detect the signals early and hand the human full context so the customer never repeats themselves.
- 5.Measure resolution rate and satisfaction, feed real failures into an eval suite, and roll out in stages behind a flag.