A practical framework for understanding the four levels of AI systems — what they are, how they differ, and why each level matters for EisnerAmper's advisory practice.
The Four Levels
Each level represents a fundamental shift in who decides the next step, how much autonomy the system has, and what governance is required.
Pre-built software that executes fixed logic when a user triggers it. Every path is coded in advance by the developer. The app does nothing the programmer didn't anticipate.
An AI system that perceives its environment, reasons about goals, and takes autonomous actions. It chooses its own path, selects tools dynamically, and self-corrects when something fails.
A multi-agent architecture where several AI agents collaborate, delegate, and orchestrate work across tools, data sources, and workflows. If one agent fails, another takes over.
AI systems that write, debug, and deploy code — including building other AI agents and applications. The human describes intent; the AI generates the implementation.
Maturity Progression
Each level up exponentially increases both value delivered and governance required. This maps directly to EisnerAmper's Design-Build-Scale methodology.
Side-by-Side Comparison
A comprehensive view of how each level differs across autonomy, adaptability, tooling, governance, and real-world application.
| Dimension | Traditional App | AI Agent | Agentic System | AI Code Generation |
|---|---|---|---|---|
| Who Decides Next Steps? | The developer, at build time. All logic is predetermined. | The agent, at runtime. Reasons about what to do based on context. | The orchestrator delegates; sub-agents decide within their domain. | The human describes intent in natural language; the AI generates the implementation. |
| Autonomy Level | None. Follows exact instructions every time. | High. Plans, re-plans, retries, uses tools without human input per step. | Very high. Agents spin up other agents, share memory, self-correct as a system. | Generative. Creates net-new software artifacts. Can bootstrap entire applications from a prompt. |
| Adaptability | Zero — handles only scenarios developers anticipated. | High — reasons through novel inputs it wasn't programmed for. | Very high — reconfigures which agents work on what, dynamically. | Extreme — generates solutions for domains it has never seen, if the human can describe the problem. |
| Tool Use | Hardcoded integrations wired at build time. | Dynamic selection — agent decides which tools to call and when. | Multi-agent orchestration — agents share tools, hand off results, chain actions. | Creates the tools themselves. Writes API integrations, data pipelines, agent definitions, and scaffolds entire tech stacks. |
| Memory & Context | Stateless or simple session state. No learning. | Working memory within a task. References prior steps and results. | Shared memory across agents. Long-term memory, knowledge graphs, persistent context. | Full codebase awareness. Reads existing code, understands architecture, writes code that fits the system. |
| Error Handling | Try/catch blocks. Fails or shows error message. | Self-corrects. Retries with different approach, asks clarifying questions. | System-level resilience. Failed agents get rerouted by orchestrator. | Iterative debugging. Runs code, reads errors, fixes them, re-runs. Also writes tests to prevent future errors. |
| Human Interaction | User drives every action. App waits for input. | Human sets goal; agent executes. May check in at decision points. | Human sets high-level objective. System runs autonomously with governance checkpoints. | Human describes what they want. AI writes the code and asks for feedback. Human becomes the product manager. |
| Accounting Example | QuickBooks: manual entry, pre-built reports, fixed workflows. | AI audit agent reads a client's GL, identifies anomalies, drafts risk assessments, suggests procedures. | EisnerAI platform: orchestrator routes to specialized agents for data extraction, risk scoring, and report generation. | Claude Code builds the audit agent itself — generating Python code, API integrations, prompts, and Azure deployment scripts. |
| Healthcare Example | An EHR system: structured data entry, fixed reporting templates. | AI reviews patient records, flags drug interactions, drafts clinical summaries. | Clinical AI system: one agent monitors vitals, another checks meds, a third generates discharge plans — sharing patient context. | An AI tool builds the clinical agents, writes FHIR integrations, generates safety validation tests, deploys to production. |
| Build Complexity | Moderate. Well-understood engineering patterns. | High. Prompt engineering, tool integration, guardrails, non-determinism testing. | Very high. Agent orchestration, shared memory architecture, governance, monitoring. | Paradigm shift. The build step itself is AI-assisted. One developer with code gen produces what required a team of 5–10. |
| Governance Needs | Standard IT controls, access management, change management. | AI-specific: model risk, output validation, bias testing, explainability, data governance. | All of the above PLUS: inter-agent trust, delegation policies, escalation rules, audit trails across agent chains. | All of the above PLUS: code review of AI-generated code, supply chain security, IP ownership, and validation of generated agents. |
| Real-World Tools | Excel, SAP, Salesforce, QuickBooks, custom enterprise apps. | EisnerAI Audit Agent, Microsoft Copilot, custom GPTs, single-purpose AI assistants. | Microsoft AutoGen, CrewAI, LangGraph, Azure AI Foundry multi-agent, EisnerAI platform vision. | Claude Code, Cursor, GitHub Copilot, ChatGPT Code Interpreter, Replit Agent, Windsurf, Amazon Q. |
| Speed to Value | Months to years. Traditional SDLC. | Weeks. Prompt + tools + guardrails = working agent. | Weeks to months. Orchestration adds complexity but compounds value. | Hours to days. Describe what you want, iterate, deploy. Fastest path from idea to working software. |
| EisnerAmper Relevance | Clients already have these. Not a consulting opportunity. | The current sweet spot. High-value AI advisory: strategy, build, governance. | The 12-24 month horizon. Where EisnerAI and client advisory is heading. | The force multiplier. A 5-person team with AI code gen produces like 25. Also an advisory opportunity for clients. |
Strategic Implications
Each level up exponentially increases governance complexity. AI Code Generation introduces unique risks: AI-generated code must be reviewed for security vulnerabilities, licensing compliance, hallucinated dependencies, and alignment with enterprise architecture. EisnerAmper's Six-Pillar AI Risk Framework must extend to cover code provenance, generated-artifact audit trails, and AI-to-AI trust boundaries.
Most clients are stuck between Level 1 (apps they already have) and Level 2 (agents they don't know how to build or govern). The AI Director's job is to meet clients where they are, assess their readiness, and guide them up the maturity curve — while ensuring every step is governed, auditable, and aligned with their risk tolerance.
AI Code Generation is the layer that accelerates everything else. The AI Director who can use Claude Code or Cursor to build agents in hours — then wrap those agents in EisnerAmper's governance framework — delivers 5x the value of a team that builds the traditional way. This is how a lean practice punches far above its weight.
From EisnerAmper
