22 Interview Questions That Separate AI Engineers From AI Users
The gap between prompting an LLM and engineering an Agent system is wide, and these 22 questions define the syllabus. A developer who can reason about chunk overlap, tool-loop recovery, and layered safety will ship reliable agents; one who cannot will ship demos that break in production.
A set of 22 interview questions maps the terrain from LLM internals—context windows, the Lost-in-the-Middle phenomenon, and sampling parameters—through Agent design patterns like ReAct and Plan-and-Execute, to the gritty details of tool definitions, error handling, and multi-agent coordination. Each answer supplies concrete tactics: why Temperature should sit near zero for tool selection, how to detect and break a Tool Loop, and what a layered defense against prompt injection looks like in code.
The second half shifts to production reality. RAG chunking strategies, context-window compression, and a three-tier evaluation framework get the same treatment as cost-control levers—token budgets, model tiering, and cache hits. A full Android technical-advisor Agent architecture and an on-device mobile Agent design close the loop, with explicit lists of which tools to expose and which to lock down.
Throughout, the emphasis stays on engineering trade-offs: when to split into multiple agents versus keeping one, why tool count above 20 tanks selection accuracy, and how to test a non-deterministic system with SLOs instead of pass/fail assertions.
Tool-calling accuracy degrades exponentially with tool count, not linearly—a fact that makes tool grouping a hard requirement, not an optimization, once you pass roughly 20 tools.
The advice to keep System Prompts short collides with the equally common advice to write detailed tool descriptions; the real skill is allocating the token budget ruthlessly, cutting anything that doesn't directly improve tool selection or output quality.
Prompt injection is a fundamentally different threat in Agent systems than in chatbots because the attacker's payload can cross the text-to-action boundary; every tool-execution layer must treat LLM output as untrusted input.
Agent evaluation cannot borrow the pass/fail mindset of unit testing; teams that don't adopt statistical SLOs and regression suites will ship agents whose behavior drifts silently after every model update.
The ReAct vs. Plan-and-Execute debate is mostly a false choice in production—the hybrid pattern of a high-level plan with ReAct-style execution steps is what actually ships.
Cost control in Agent systems is not an ops concern but a design constraint; a single unguarded conversation can burn more budget than a month of normal traffic, so caps must be architectural, not reactive.
The discussion is light, with no substantive engagement with the article's technical content. One exchange questions whether the author has moved beyond the article's scope to on-device models, while the other simply praises the article and wonders at the lack of likes.
See top comments, translated →