{"slug": "what-we-learned-building-proactive-agents", "title": "What we learned building proactive agents", "summary": "Serval engineer Adriana Rotaru detailed the company's development of proactive agents that detect and resolve IT issues without human prompts, such as identifying a firmware-OS conflict affecting 4,900 laptops in 26 minutes before any tickets were filed. The agents, which run continuously, also surface missing automation workflows and grade ticket handling, shifting IT operations from reactive to proactive problem-solving.", "body_md": "Adriana Rotaru, SWE at Serval\n\nWhat we learned building proactive agents\n\nMost agents wait for a prompt. Proactive agents don't.\n\nAgentic automation follows a familiar pattern: someone asks a question, files a ticket, fires an alert, and the agent responds. The prompt is the trigger. No prompt, no work. Automation has worked this way for decades, long before anyone called it an agent: it waited for a human to notice a problem before it could act.\n\nProactive agents break that pattern. They run without anyone asking, looking for problems no one has reported yet. Removing the prompt expands how much can be automated.\n\nIt’s also where the difficulty comes from. A prompt quietly does two jobs at once. First it detects, because someone noticed a recurring pattern or suspected something was off. Then it judges, deciding the pattern is worth chasing. Strip the prompt away and the agent has to do both itself: find what's wrong, and decide whether the finding is worth a person's time. So the surprising lesson from building these isn't about finding issues. It's about deciding which ones are worth surfacing.\n\n**The ticket that was never filed**\n\nOne of our proactive agents found a problem across a customer's laptop fleet before a single ticket had been filed about it. No one had reported it, because to any individual user it hadn't yet become bad enough to report, but in the fleet's device data, the pattern was already there.\n\nRoughly 4,900 devices were affected by a single root cause: built-in audio was cutting out mid-session, recoverable only by a reboot that held until the next failure. Reinstalling drivers didn't help.\n\nRunning against the customer's device logs and device-management data, the agent did something a human analyst would have struggled to do at that scale. It correlated the failure signals across the whole fleet, isolated the affected hardware models, and cross-referenced the vendor's own documentation. The cause wasn't a driver bug. It was an interaction between a firmware setting and an OS-level configuration for this customer, the kind of bug that only becomes visible when you can see across thousands of devices, the vendor's configuration model, and outside reports, all at once.\n\nThe whole investigation took 26 minutes.\n\nBut finding the problem was only half the work. Rather than leave a diagnosis, the agent proposed a ready-to-apply remediation workflow to apply the fix per device across every affected user. Optionally, agents open a change ticket capturing the findings and steps, keeping the whole process auditable, which meant IT never had to open, triage, and resolve thousands of hardware tickets.\n\nNot every proactive agent hunts for incidents. One reviews recent tickets, finds repetitive requests that don't yet have a workflow behind them, and suggests one. Nobody filed a ticket saying \"we're missing automation.\" The agent found that pattern on its own.\n\nThat's a problem discovery of a different kind: not finding what broke, but finding what was never built.\n\n**What these agents have in common — and why it's practical now**\n\nThey don't share a task. Serval ships a handful out of the box: one grades how the team handled escalated tickets, one digests the last day of tickets and flags what needs attention, one scans the endpoint fleet for at-risk devices, one sends a daily Slack digest of unresolved issues to the right owner. And customers build any number of their own, pushing the ceiling of how much they can automate as high as they want.\n\nThese agents are *always-on*, running every hour, every day, every week. Because the context they run against is always changing, agents can catch problems as they emerge.\n\nThe industry shift from reactive to proactive was driven by two reasons. First, models got much better at long-running, open-ended tasks, so they can explore a problem, gather evidence, and refine their findings. Second, they can now reason across large and heterogeneous inputs at scale: tickets, logs, asset inventories, device data, and external sources.\n\n**The question we're still working through**\n\nShould a proactive agent be narrow or broad? A narrow agent has a specific task: scan device logs for driver conflicts, check the asset database for duplicates. It does one thing well and its output is easy to judge, but you have to know what to point it at. A broad agent gets an open instruction: investigate, find anything concerning. It can surface things you'd never have thought to ask about. It can also surface things that aren't problems, and it's harder to tell whether its findings are useful.\n\nWe chose broad. We can afford to, because narrow work is already handled by other parts of Serval’s system (deterministic workflows for small repeatable tasks, and one-time sessions when someone knows what to build). We wrote about that engine, [Catalyst, in an earlier post](./introducing-catalyst-automating-a-task-forever-should-be-easier-than-doing-it-manually-once). Proactive agents run on the same underlying system, but unprompted, which is what frees them to go looking without a specific target. That's the only way to discover unknown problems.\n\nOur bet comes with a catch we haven't fully solved. A broad agent is only as good as its filtering: the more open the instruction, the more it surfaces, and the more the value rides on suppressing the noise. The question isn't really \"narrow or broad\" anymore. It's whether it can access the right tools when it needs to, find relevant results, and distinguish signal from noise. We think it can. We're not done proving it.\n\n**The hardest problem is the output**\n\nWe assumed the investigation would be the hard part. A few months in, we found that filtering the results was harder.\n\nGetting an agent to watch systems and investigate is the easy part. Getting it to produce relevant output is hard. Return the same findings every run, and people stop reading the reports. Surface fifty issues a day, most of them noise, and people start ignoring it. Either way the value disappears, and you've built a more expensive version of the alert fatigue you already had.\n\nWe fight this on a few fronts. We deduplicate issues already reported, so the agent doesn't resurface them. We rank findings by how many users or devices are affected, so the biggest ones come first. And we close the loop, so every finding gets feedback, explicit and measured. An admin can mark a finding useful or not, and the system tracks the impact: users helped, hours saved, tickets prevented. In a closed-loop system, feedback re-tunes the agent's instructions, adjusting how broad or narrow it should be and what's worth looking at next.\n\nThis is still an open problem. The ideal is an agent that surfaces exactly the issues that deserve attention, nothing more, nothing less. Getting there takes real calibration with real customers.\n\n**Finding the problem first**\n\nMost organizations have already automated the obvious things: password resets, device enrollment, access requests, provisioning. Automating those gets you to a certain level of coverage, and then the usual approach stops working. Call it the automation ceiling.\n\nThe problems above that ceiling are the ones without a known pattern to automate against, the ones that often don't even look like problems until they're widespread. The audio failure was one of them. Proactive agents are how you reach that work: they don't wait for a pattern or a prompt, they go find the problem first.\n\nThat is what raising the automation ceiling means. Not automating common use cases, but automating what couldn't be automated before.\n\nRaising the automation ceiling\n\nWhat we learned building proactive agents\n\nIntroducing Catalyst: Automating a task forever should be easier than doing it manually once\n\nAutomation tools have been around for decades. Serval changes the math on when it’s worth reaching for them - by making tasks easier to automate than do manually once.\n\nCarl Eschenbach's Blueprint for Building Lasting Companies in the AI Era\n\nFrom scaling VMware to $7B and serving as the CEO of Workday to investing in the future as a partner at Sequoia, Carl Eschenbach shares the principles he's carried across four decades of building and scaling enterprise technology's most enduring companies.\n\nHire High-Agency People\n\nI have 11 direct reports, while our CTO Alex has somewhere around 30, and I expect those numbers to increase as our team grows.\n\nDo the hard things, always\n\nHow Serval is building a universal automation platform to eliminate manual operational work across companies.\n\nServal’s Three Operating Principles\n\nWe don't have a culture deck. We have three operating principles.\n\nIntroducing Serval Start: A New Path for Aspiring Founders\n\nA two-year program for builders who want to become founders — before they have a company to build.\n\nFollowing the Founders: Why I Joined Serval\n\nFounding Engineer, Kaz Hishida, tells the story of why he joined Serval.\n\nPartnering with Serval: Empowering IT for AI Enterprise Automation\n\nJake, Alex and their team are giving IT teams the power to bring AI automation from their own department to every part of the organization.\n\nServal’s Next Chapter: Raising $75M to Build the New Era of Enterprise Automation and Service Management\n\nWe helped customers automate more than 50% of their tickets. Sequoia took notice.\n\nIntroducing Serval's AI-native access management\n\nServal's AI-native access management centralizes operations and improves security for IT and security teams\n\nGartner IT Symposium Recap: Why it matters that Serval is AI-native\n\nServal's AI native infrastructure provides huge benefits over legacy ITSM platforms.\n\nGeneral Catalyst Article: Doubling Down on Serval: Building Intelligent IT Agents for the AI Era\n\nInvestor, General Catalyst posts about Serval's Series A launch\n\nTechCrunch Article: Serval raises $47M to bring AI agents to IT service management\n\nTechCrunch announces Serval's Series A\n\nAnnouncing $52M Total Raised to Deploy AI Agents for IT\n\nServal adds $47M in Series A funding, led by Redpoint Ventures with participation from First Round, General Catalyst, Box Group, Bessemer Venture Partners, Chemistry, and others.\n\nAutomate 80% of IT tickets in 24 hrs\n\nAt JNUC 2025, Serval CEO Jake Stauch showed how IT teams use Serval’s AI agents to automate 80% of help desk tickets in 24 hours. From access requests to onboarding to Jamf-specific workflows. The session highlighted how Serval unifies ITSM, workflow automation, and access management into one secure, AI-native platform used by companies like Perplexity and Verkada.\n\nOktane Takeaways: Serval + Okta for AI-Native Automation\n\nHow Serval works seamlessly for Okta customers\n\nAI Agents for IT: Vibe Coding Verkada Automations with Serval\n\nYou don’t need to code to build the Verkada workflows of your dreams. Build automations from natural language prompts, unlocking the potential of Verkada’s APIs.\n\nNew Integrations for Enterprise IT: Microsoft, ServiceNow & Workday\n\nServal integrating with Microsoft, ServiceNow & Workday to support enterprise IT\n\nIntroducing Prebuilt Workflows\n\nInstallable, ready-made workflows for easier onboarding\n\nIntroducing Slack Shortcuts and Manual Ticket Creation\n\nNew tools for creating tickets in Serval\n\nIntroducing Manager and Multi-step Approvals\n\nNew approval features ensure robust controls over AI tool access\n\nIs this the end of IT tickets?\n\nSee how IT ticketing is evolving with the deployment of AI agents\n\nServal Team Member Spotlight: Teddy Wahle\n\nCelebrating Teddy's achievements\n\nIntroducing Serval Silent Mode\n\nKeep Serval AI in the background and tag for help when needed\n\nIntroducing AI Feedback\n\nCollect user feedback on Serval's AI agent and track changes in a real-time dashboard\n\nIntroducing Serval's New Public API\n\nCreate tickets from anywhere, embed AI resolutions, and sync users at scale with a single set of REST endpoints and webhooks.\n\nIntroducing Serval Integration with Jira Service Management, Freshservice, and Linear\n\nTake advantage of Serval's AI capabilities without replacing your existing ticketing system\n\nIntroducing Private Serval Messages with Team Routing\n\nYour own private help desk - for all your requests\n\nIntroducing Tasks in Serval Tickets\n\nSay goodbye to Jira checkboxes. Serval tickets now track manual tasks.\n\nIntroducing GitHub Automations\n\nAutomate GitHub PRs and more from a help desk request\n\nServal Team Member Spotlight: Derrick Liu\n\nCelebrating Derrick's achievements\n\nIntroducing Third Party Knowledge Base Integration\n\nServal's AI agent answers employee questions using docs from Notion, Confluence, etc.\n\nIntroducing Request on Behalf Of\n\nRun workflows on behalf of other users - with approval\n\nThe Difference between Automation and Deflection in the Help Desk\n\nThey not like us\n\nMigrating from Jira Service Management to Serval\n\nIt's easier than ever to modernize your ITSM\n\nAI to Help Humans Work Better - Not Take Jobs\n\nAI enables otherwise impractical best practices in IT and security\n\nIntroducing Ticket Auto Updates\n\n\"Quiet AI\" for the modern ITSM\n\nIntroducing Serval’s AI-Powered Email Help Desk\n\nAI resolutions to any help desk request over email\n\nServal Team Member Spotlight: Sebastien Lajeunesse-deGroot\n\nCelebrating Sebastien's achievements at Serval\n\nIntroducing Email Support, Internal Notes, Merging, and Image Attachments\n\nLatest features add more capabilities for Serval ITSM\n\nServal Copilot\n\nAI superpowers for human agents\n\nIntroducing Image Recognition\n\nServal now diagnoses and resolves help desk requests from a screenshot\n\nServal Team Spotlight: Kaz Hishida\n\nCelebrating Kaz's achievements at Serval\n\nAI Insights\n\nServal AI categorizes historical tickets and highlights automation opportunities\n\nMaking IT Automation Safe and Secure\n\nGuardrails are key to deploying AI in the ITSM\n\nAnalytics, Public API, and Serval for Serval Automations\n\nLatest updates for Serval power users\n\nNatural Language Approvals, Automated Knowledge Base Updates, and Version Control\n\nNew features for help desk automation\n\nAutomating the Automation for IT\n\nNatural language workflow builder eliminates friction in building IT automations\n\nIntroducing Serval\n\nAI to give IT superpowers\n\nServal Achieves SOC 2 Type 2 Compliance\n\nContinuing our commitment to data security\n\nScheduled Workflows\n\nRun workflows on a recurring schedule", "url": "https://wpnews.pro/news/what-we-learned-building-proactive-agents", "canonical_source": "https://www.serval.com/serval-news/raising-the-automation-ceiling", "published_at": "2026-07-14 14:43:59+00:00", "updated_at": "2026-07-14 14:47:47.376083+00:00", "lang": "en", "topics": ["ai-agents", "ai-products", "ai-tools", "artificial-intelligence"], "entities": ["Serval", "Adriana Rotaru"], "alternates": {"html": "https://wpnews.pro/news/what-we-learned-building-proactive-agents", "markdown": "https://wpnews.pro/news/what-we-learned-building-proactive-agents.md", "text": "https://wpnews.pro/news/what-we-learned-building-proactive-agents.txt", "jsonld": "https://wpnews.pro/news/what-we-learned-building-proactive-agents.jsonld"}}