Adriana Rotaru, SWE at Serval
What we learned building proactive agents

Most agents wait for a prompt. Proactive agents don't.
Agentic automation follows a familiar pattern: someone asks a question, files a ticket, fires an alert, and the agent responds. The prompt is the trigger. No prompt, no work. Automation has worked this way for decades, long before anyone called it an agent: it waited for a human to notice a problem before it could act.
Proactive agents break that pattern. They run without anyone asking, looking for problems no one has reported yet. Removing the prompt expands how much can be automated.
It’s also where the difficulty comes from. A prompt quietly does two jobs at once. First it detects, because someone noticed a recurring pattern or suspected something was off. Then it judges, deciding the pattern is worth chasing. Strip the prompt away and the agent has to do both itself: find what's wrong, and decide whether the finding is worth a person's time. So the surprising lesson from building these isn't about finding issues. It's about deciding which ones are worth surfacing.

The ticket that was never filed
One of our proactive agents found a problem across a customer's laptop fleet before a single ticket had been filed about it. No one had reported it, because to any individual user it hadn't yet become bad enough to report, but in the fleet's device data, the pattern was already there.
Roughly 4,900 devices were affected by a single root cause: built-in audio was cutting out mid-session, recoverable only by a reboot that held until the next failure. Reinstalling drivers didn't help.
Running against the customer's device logs and device-management data, the agent did something a human analyst would have struggled to do at that scale. It correlated the failure signals across the whole fleet, isolated the affected hardware models, and cross-referenced the vendor's own documentation. The cause wasn't a driver bug. It was an interaction between a firmware setting and an OS-level configuration for this customer, the kind of bug that only becomes visible when you can see across thousands of devices, the vendor's configuration model, and outside reports, all at once.
The whole investigation took 26 minutes.
But finding the problem was only half the work. Rather than leave a diagnosis, the agent proposed a ready-to-apply remediation workflow to apply the fix per device across every affected user. Optionally, agents open a change ticket capturing the findings and steps, keeping the whole process auditable, which meant IT never had to open, triage, and resolve thousands of hardware tickets.
Not every proactive agent hunts for incidents. One reviews recent tickets, finds repetitive requests that don't yet have a workflow behind them, and suggests one. Nobody filed a ticket saying "we're missing automation." The agent found that pattern on its own.
That's a problem discovery of a different kind: not finding what broke, but finding what was never built.

What these agents have in common — and why it's practical now
They don't share a task. Serval ships a handful out of the box: one grades how the team handled escalated tickets, one digests the last day of tickets and flags what needs attention, one scans the endpoint fleet for at-risk devices, one sends a daily Slack digest of unresolved issues to the right owner. And customers build any number of their own, pushing the ceiling of how much they can automate as high as they want.
These agents are always-on, running every hour, every day, every week. Because the context they run against is always changing, agents can catch problems as they emerge.
The industry shift from reactive to proactive was driven by two reasons. First, models got much better at long-running, open-ended tasks, so they can explore a problem, gather evidence, and refine their findings. Second, they can now reason across large and heterogeneous inputs at scale: tickets, logs, asset inventories, device data, and external sources.
The question we're still working through
Should a proactive agent be narrow or broad? A narrow agent has a specific task: scan device logs for driver conflicts, check the asset database for duplicates. It does one thing well and its output is easy to judge, but you have to know what to point it at. A broad agent gets an open instruction: investigate, find anything concerning. It can surface things you'd never have thought to ask about. It can also surface things that aren't problems, and it's harder to tell whether its findings are useful.
We chose broad. We can afford to, because narrow work is already handled by other parts of Serval’s system (deterministic workflows for small repeatable tasks, and one-time sessions when someone knows what to build). We wrote about that engine, Catalyst, in an earlier post. Proactive agents run on the same underlying system, but unprompted, which is what frees them to go looking without a specific target. That's the only way to discover unknown problems.
Our bet comes with a catch we haven't fully solved. A broad agent is only as good as its filtering: the more open the instruction, the more it surfaces, and the more the value rides on suppressing the noise. The question isn't really "narrow or broad" anymore. It's whether it can access the right tools when it needs to, find relevant results, and distinguish signal from noise. We think it can. We're not done proving it.
The hardest problem is the output
We assumed the investigation would be the hard part. A few months in, we found that filtering the results was harder.
Getting an agent to watch systems and investigate is the easy part. Getting it to produce relevant output is hard. Return the same findings every run, and people stop reading the reports. Surface fifty issues a day, most of them noise, and people start ignoring it. Either way the value disappears, and you've built a more expensive version of the alert fatigue you already had.
We fight this on a few fronts. We deduplicate issues already reported, so the agent doesn't resurface them. We rank findings by how many users or devices are affected, so the biggest ones come first. And we close the loop, so every finding gets feedback, explicit and measured. An admin can mark a finding useful or not, and the system tracks the impact: users helped, hours saved, tickets prevented. In a closed-loop system, feedback re-tunes the agent's instructions, adjusting how broad or narrow it should be and what's worth looking at next.
This is still an open problem. The ideal is an agent that surfaces exactly the issues that deserve attention, nothing more, nothing less. Getting there takes real calibration with real customers.
Finding the problem first
Most organizations have already automated the obvious things: password resets, device enrollment, access requests, provisioning. Automating those gets you to a certain level of coverage, and then the usual approach stops working. Call it the automation ceiling.
The problems above that ceiling are the ones without a known pattern to automate against, the ones that often don't even look like problems until they're widespread. The audio failure was one of them. Proactive agents are how you reach that work: they don't wait for a pattern or a prompt, they go find the problem first.
That is what raising the automation ceiling means. Not automating common use cases, but automating what couldn't be automated before.

Raising the automation ceiling
What we learned building proactive agents

Introducing Catalyst: Automating a task forever should be easier than doing it manually once
Automation tools have been around for decades. Serval changes the math on when it’s worth reaching for them - by making tasks easier to automate than do manually once.

Carl Eschenbach's Blueprint for Building Lasting Companies in the AI Era
From scaling VMware to $7B and serving as the CEO of Workday to investing in the future as a partner at Sequoia, Carl Eschenbach shares the principles he's carried across four decades of building and scaling enterprise technology's most enduring companies.

Hire High-Agency People
I have 11 direct reports, while our CTO Alex has somewhere around 30, and I expect those numbers to increase as our team grows.

Do the hard things, always
How Serval is building a universal automation platform to eliminate manual operational work across companies.

Serval’s Three Operating Principles
We don't have a culture deck. We have three operating principles.

Introducing Serval Start: A New Path for Aspiring Founders
A two-year program for builders who want to become founders — before they have a company to build.

Following the Founders: Why I Joined Serval
Founding Engineer, Kaz Hishida, tells the story of why he joined Serval.

Partnering with Serval: Empowering IT for AI Enterprise Automation
Jake, Alex and their team are giving IT teams the power to bring AI automation from their own department to every part of the organization.

Serval’s Next Chapter: Raising $75M to Build the New Era of Enterprise Automation and Service Management
We helped customers automate more than 50% of their tickets. Sequoia took notice.

Introducing Serval's AI-native access management
Serval's AI-native access management centralizes operations and improves security for IT and security teams

Gartner IT Symposium Recap: Why it matters that Serval is AI-native
Serval's AI native infrastructure provides huge benefits over legacy ITSM platforms.

General Catalyst Article: Doubling Down on Serval: Building Intelligent IT Agents for the AI Era
Investor, General Catalyst posts about Serval's Series A launch

TechCrunch Article: Serval raises $47M to bring AI agents to IT service management
TechCrunch announces Serval's Series A

Announcing $52M Total Raised to Deploy AI Agents for IT
Serval adds $47M in Series A funding, led by Redpoint Ventures with participation from First Round, General Catalyst, Box Group, Bessemer Venture Partners, Chemistry, and others.

Automate 80% of IT tickets in 24 hrs
At JNUC 2025, Serval CEO Jake Stauch showed how IT teams use Serval’s AI agents to automate 80% of help desk tickets in 24 hours. From access requests to onboarding to Jamf-specific workflows. The session highlighted how Serval unifies ITSM, workflow automation, and access management into one secure, AI-native platform used by companies like Perplexity and Verkada.

Oktane Takeaways: Serval + Okta for AI-Native Automation
How Serval works seamlessly for Okta customers

AI Agents for IT: Vibe Coding Verkada Automations with Serval
You don’t need to code to build the Verkada workflows of your dreams. Build automations from natural language prompts, unlocking the potential of Verkada’s APIs.

New Integrations for Enterprise IT: Microsoft, ServiceNow & Workday
Serval integrating with Microsoft, ServiceNow & Workday to support enterprise IT

Introducing Prebuilt Workflows
Installable, ready-made workflows for easier onboarding

Introducing Slack Shortcuts and Manual Ticket Creation
New tools for creating tickets in Serval

Introducing Manager and Multi-step Approvals
New approval features ensure robust controls over AI tool access

Is this the end of IT tickets?
See how IT ticketing is evolving with the deployment of AI agents

Serval Team Member Spotlight: Teddy Wahle
Celebrating Teddy's achievements

Introducing Serval Silent Mode
Keep Serval AI in the background and tag for help when needed

Introducing AI Feedback
Collect user feedback on Serval's AI agent and track changes in a real-time dashboard

Introducing Serval's New Public API
Create tickets from anywhere, embed AI resolutions, and sync users at scale with a single set of REST endpoints and webhooks.

Introducing Serval Integration with Jira Service Management, Freshservice, and Linear
Take advantage of Serval's AI capabilities without replacing your existing ticketing system

Introducing Private Serval Messages with Team Routing
Your own private help desk - for all your requests

Introducing Tasks in Serval Tickets
Say goodbye to Jira checkboxes. Serval tickets now track manual tasks.

Introducing GitHub Automations
Automate GitHub PRs and more from a help desk request

Serval Team Member Spotlight: Derrick Liu
Celebrating Derrick's achievements

Introducing Third Party Knowledge Base Integration
Serval's AI agent answers employee questions using docs from Notion, Confluence, etc.

Introducing Request on Behalf Of
Run workflows on behalf of other users - with approval

The Difference between Automation and Deflection in the Help Desk
They not like us

Migrating from Jira Service Management to Serval
It's easier than ever to modernize your ITSM

AI to Help Humans Work Better - Not Take Jobs
AI enables otherwise impractical best practices in IT and security

Introducing Ticket Auto Updates
"Quiet AI" for the modern ITSM

Introducing Serval’s AI-Powered Email Help Desk
AI resolutions to any help desk request over email

Serval Team Member Spotlight: Sebastien Lajeunesse-deGroot
Celebrating Sebastien's achievements at Serval

Introducing Email Support, Internal Notes, Merging, and Image Attachments
Latest features add more capabilities for Serval ITSM

Serval Copilot
AI superpowers for human agents

Introducing Image Recognition
Serval now diagnoses and resolves help desk requests from a screenshot

Serval Team Spotlight: Kaz Hishida
Celebrating Kaz's achievements at Serval

AI Insights
Serval AI categorizes historical tickets and highlights automation opportunities

Making IT Automation Safe and Secure
Guardrails are key to deploying AI in the ITSM

Analytics, Public API, and Serval for Serval Automations
Latest updates for Serval power users

Natural Language Approvals, Automated Knowledge Base Updates, and Version Control
New features for help desk automation

Automating the Automation for IT
Natural language workflow builder eliminates friction in building IT automations

Introducing Serval
AI to give IT superpowers

Serval Achieves SOC 2 Type 2 Compliance
Continuing our commitment to data security

Scheduled Workflows
Run workflows on a recurring schedule