When one agent delegates work to another agent, critical context is lost with each handoff. Receiving agent operates with incomplete picture. Metadata, constraints, and original intent degrade progressively through the delegation chain.
Context loss is an information-theoretic problem in multi-agent systems. When Agent A delegates to Agent B, Agent A must communicate its task, constraints, and intent through an interface. That interface has limited bandwidth and structure. Agent A may not transmit all relevant context because the interface does not support it, or because Agent A does not recognize certain information as relevant, or because the receiving agent's API does not accept arbitrary metadata.
Example: Agent-PaymentRouter receives a payment instruction with these attributes: payment amount ($10M), beneficiary, originating customer, payment type (wire transfer), and regulatory jurisdiction (EU). When routing this payment to Agent-AMLScreening, the delegation interface may support only: amount, beneficiary, and payment type. Jurisdiction, customer profile, and originating account type are stripped away.
Agent-AMLScreening performs its task (screening beneficiary against sanctions lists) with incomplete information. If the beneficiary name is common, jurisdiction matters for disambiguation. Without jurisdiction, the agent cannot resolve whether the beneficiary matches a Dubai-based merchant (low risk) or a Tehran-based entity (high risk under US OFAC rules).
In regulated industries, this creates compliance risk. An institution must maintain an audit trail showing that each decision was made with complete information relevant to that decision. If decisions are made with degraded or missing context, the institution cannot defend those decisions during regulatory examination.
An international insurance company processes claims through a multi-agent workflow: Claims-Intake agent receives claim submission, Invoice-Validation agent reviews supporting invoices, Fraud-Detection agent screens for suspicious patterns, Policy-Review agent checks policy coverage terms, Regulatory-Compliance agent checks for sanctions/jurisdiction restrictions, and Approver agent makes final payment decision.
A claim arrives from a policyholder with coverage for business interruption in East Asia. The policyholder's factory in Vietnam suffered a fire-related shutdown. Claims-Intake captures: claim amount ($500K), claim type (business interruption), cause (fire), location (Vietnam), policyholder name, and policy number. But the Claims-Intake agent's delegation interface to Invoice-Validation supports only: claim amount, claim type, and invoice attachments.
Invoice-Validation receives the $500K business interruption claim and focuses on invoice authenticity. It does not know the location is Vietnam. When it flags an invoice as "unusual expense pattern" (restaurant and hotel charges during shutdown period), the agent does not contextualize that the policyholder was in Vietnam managing shutdown recovery. Invoice-Validation escalates the claim as high-risk fraud.
The claim passes to Fraud-Detection without the context that the restaurant and hotel charges occurred in Vietnam during a legitimate crisis event. Fraud-Detection, seeing only the escalation flag and unusual expense pattern, assigns a high fraud score (0.78 / 1.0). Finally, Approver receives a claim marked as high-fraud-risk with no explanation in the visible context. It denies the claim as "suspected fraud."
The policyholder disputes the denial. During the dispute investigation, the insurance company discovers that every agent acted reasonably given the context it received, but the aggregate effect of context loss resulted in a wrongful claim denial. The state insurance regulator issues a violation for "claim handling process deficiency; claim decisions not made on complete relevant information."
| Dimension | Score | Rationale |
|---|---|---|
| D - Detectability | 3 | Context loss is not directly observable in real time. It emerges when decisions are reviewed post-hoc and context is reconstructed. |
| A - Autonomy Sensitivity | 3 | Affects autonomous agents and delegating agents more severely. Agents with human review catch missing context. |
| M - Multiplicative Potential | 4 | Affects every delegated transaction. In multi-hop workflows, probability of context loss increases with each hop. |
| A - Attack Surface | 2 | Not directly exploitable as an attack vector. But adversary could deliberately craft contexts that exploit known interface limitations. |
| G - Governance Gap | 4 | Regulations require decision-making on "complete information"; institutions must define what "complete" means and enforce it. Few institutions have formal delegation interface standards. |
| E - Enterprise Impact | 3 | Impacts decision quality, regulatory compliance, and customer satisfaction. Does not directly impact confidentiality or availability. |
| Composite DAMAGE Score | 3.6 | High. Requires dedicated mitigation controls and monitoring. |
How severity changes across the agent architecture spectrum.
| Agent Type | Impact | How This Risk Manifests |
|---|---|---|
| Digital Assistant | Low | Context flows through human review. Human aggregates missing information from external sources before acting. |
| Digital Apprentice | Low | Agents are trained to flag uncertainty when context is incomplete. Escalate to human rather than proceed with degraded context. |
| Autonomous Agent | Medium | Operates with bounded autonomy but may not be aware of context losses. If agent is designed to handle single context type, missing context is silent. |
| Delegating Agent | High | Context loss occurs at tool invocation boundary. If tool API does not support passing full context, context is lost silently. |
| Agent Crew / Pipeline | Critical | Sequential pipeline architecture guarantees context loss at each hop. By step 5 in a 10-step pipeline, original context is largely degraded. |
| Agent Mesh / Swarm | Critical | Mesh architectures with ad-hoc delegation patterns create unpredictable context loss. Agents may delegate to agents they have not been designed to coordinate with. |
| Framework | Coverage | Citation | What It Addresses | What It Misses |
|---|---|---|---|---|
| NIST AI RMF 1.0 | Partial | MEASURE 5.2, MANAGE 7.2 | Performance measurement and information management. | Context preservation across agent handoffs; delegation interface standards. |
| EU AI Act | Partial | Article 13 (Documentation) | Record-keeping on AI decision processes. | Requirements for context preservation in agent delegation. |
| MAS AIRG | Partial | Governance, Process Discipline | Process design and governance. | Delegation interface standards; context preservation in multi-agent workflows. |
| FDIC / SR 11-7 | Partial | Third-Party Risk | Third-party vendor oversight and controls. | Internal agent-to-agent delegation governance. |
| GDPR Article 22 | Partial | Automated Decision-Making | Right to explanation for automated decisions. | Requirements for decisions to be made with complete relevant data. |
| ISO 42001 | Partial | Section 8.3 | Information management and documentation. | Delegation interface standards and context preservation. |
In financial services, regulations explicitly require that decisions be made with complete relevant information. FCRA (Fair Credit Reporting Act) requires that credit decisions be made with accurate and complete information. Insurance regulations require that claim decisions be made based on full investigation of the claim. GDPR Article 22 requires explainability for automated decisions.
When agents delegate work with degraded context, the institution is operating outside these requirements. The institution cannot defend a decision by arguing "each agent was reasonable given its input" if the original decision was made without complete information.
Additionally, context loss creates audit trail problems. When regulators investigate a decision, they need to reconstruct what information was available to the decision-maker. If context was lost in delegation, the audit trail may not show this. The institution may appear to have made a decision with less information than it actually had, creating a compliance violation on its face.
Context Loss in Delegation requires architectural controls that go beyond what existing frameworks provide. Our advisory engagements are purpose-built for banks, insurers, and financial institutions subject to prudential oversight.
Schedule a Briefing