What is state machines in AI Agents? A Guide for engineering managers in fintech

State machines are a way to model an AI agent as a set of defined states, with rules that control how it moves from one state to another. In practice, they make an agent’s behavior predictable by saying, “if this happens, the agent is here; if that happens, it moves there.”

How It Works

Think of a state machine like a bank branch queue or an insurance claims desk.

A customer starts in one line, gets routed to a teller, then maybe to fraud review, then to approval, then to completion. At any point, the customer is in exactly one state, and staff follow clear rules for what can happen next.

An AI agent works the same way:

• •State: the current mode the agent is in
  • •Example: collecting_documents, verifying_identity, waiting_for_approval
• •Event: something that happens
  • •Example: user uploads a file, KYC check fails, approver clicks approve
• •Transition: the rule that moves the agent to another state
  • •Example: if identity verification passes, move from verifying_identity to ready_for_decision

For engineering managers, the key idea is control.

Without a state machine, an agent can drift into messy behavior:

• •it may ask for the same document twice,
• •skip required checks,
• •or call downstream systems out of order.

With a state machine, you get a constrained workflow. The agent does not “decide” its next move freely; it follows allowed transitions.

A simple example:

start -> collect_info -> validate -> decide -> notify -> done

If validation fails, the flow might branch:

validate -> request_more_info -> collect_info

That structure matters because fintech workflows are rarely linear in real life. They have retries, exceptions, approvals, manual review steps, and compliance gates. A state machine handles that complexity without turning the agent into an unpredictable black box.

Why It Matters

Engineering managers in fintech should care because state machines solve problems that show up immediately in production:

• •

  They reduce operational risk

  • •Agents stay inside approved paths.
  • •That matters for KYC, AML review flows, claims handling, and payment exceptions.
• •

  They make audits easier

  • •Every action maps to a state transition.
  • •You can explain why the agent asked for more documents or escalated a case.
• •

  They improve reliability

  • •You avoid duplicate actions and invalid sequences.
  • •For example, an agent should not issue a policy decision before all required checks pass.
• •

  They help teams scale safely

  • •Product can understand the workflow.
  • •Engineering can implement guardrails.
  • •Compliance can review states and transitions instead of reading prompt text.

A useful mental model: prompts define what the agent says, but state machines define what it is allowed to do next.

That distinction is important in regulated environments. If you are building an AI assistant for underwriting or disputes handling, you want deterministic control around each step where money movement, identity verification, or regulatory judgment is involved.

Real Example

Consider a bank’s card dispute intake agent.

The customer opens chat and says: “I don’t recognize this card charge.”

A naive agent might start improvising. A state-machine-driven agent follows a fixed path:

1. •

   start

   • •Greet the customer and open a dispute case.
2. •

   authenticate_customer

   • •Ask for secure login or OTP.
   • •If authentication fails three times, transition to handoff_to_agent.
3. •

   collect_dispute_details

   • •Gather transaction date, amount, merchant name, and reason code.
4. •

   check_eligibility

   • •Verify whether the transaction falls within dispute policy.
   • •If outside policy window, move to explain_ineligibility.
5. •

   fraud_screening

   • •Run automated checks against internal risk signals.
   • •If suspicious patterns appear, move to manual_review.
6. •

   submit_case

   • •Create the formal dispute record in the core banking or case management system.
7. •

   notify_customer

   • •Confirm next steps and SLA expectations.
8. •

   done

This gives you predictable behavior across branches:

• •If authentication fails: stop automated processing.
• •If eligibility fails: explain why instead of proceeding incorrectly.
• •If fraud screening flags risk: escalate rather than guessing.

Here’s what that looks like conceptually:

class DisputeState(Enum):
    START = "start"
    AUTHENTICATE = "authenticate_customer"
    COLLECT_DETAILS = "collect_dispute_details"
    CHECK_ELIGIBILITY = "check_eligibility"
    FRAUD_SCREENING = "fraud_screening"
    MANUAL_REVIEW = "manual_review"
    SUBMIT_CASE = "submit_case"
    NOTIFY_CUSTOMER = "notify_customer"
    DONE = "done"

transitions = {
    DisputeState.START: ["authenticate_customer"],
    DisputeState.AUTHENTICATE: ["collect_dispute_details", "handoff_to_agent"],
    DisputeState.COLLECT_DETAILS: ["check_eligibility"],
    DisputeState.CHECK_ELIGIBILITY: ["fraud_screening", "explain_ineligibility"],
    DisputeState.FRAUD_SCREENING: ["submit_case", "manual_review"],
}

The value here is not code elegance. The value is operational clarity:

• •every path is explicit,
• •every exception has a defined owner,
• •and every step can be tested against policy.

For fintech teams running AI agents in customer operations or back-office workflows, this is how you keep automation useful without letting it become ungovernable.

Related Concepts

• •

  Finite State Machines (FSMs)

  • •The formal version of state-based workflow design.
• •

  Workflow orchestration

  • •Managing multi-step business processes across services and humans.
• •

  Guardrails

  • •Constraints that keep an LLM or agent inside approved behavior.
• •

  Tool calling

  • •Letting an agent invoke APIs only when its current state allows it.
• •

  Human-in-the-loop review

  • •Manual approval steps for risky or ambiguous decisions.

Keep learning

• •The complete AI Agents Roadmap — my full 8-step breakdown
• •Free: The AI Agent Starter Kit — PDF checklist + starter code
• •Work with me — I build AI for banks and insurance companies

By Cyprian Aarons, AI Consultant at Topiax.