// GLOSSARY -- AGENTIC AI

What is a Subagent?

2 min read Updated

A subagent is a child agent spawned by an orchestrating agent to handle a delegated task, running with its own context window and typically a constrained subset of tools. It works independently and returns a result to the parent, which never sees the subagent's intermediate steps.

WHY IT MATTERS

Subagents solve two problems at once. First, context isolation: a research or search task might read dozens of files or web pages, but the parent only needs the conclusion. Running that work in a subagent keeps the intermediate output out of the parent's context window. Second, parallelism: an orchestrator can fan out several subagents at once and combine their results.

Subagents also create a natural permission boundary. Because each subagent is configured with its own toolset, an orchestrator can hand a task to a read-only researcher while reserving write and execute capabilities for itself — a practical application of least privilege inside a multi-agent system. Coding agents such as Claude Code expose this directly: user-defined subagents declare which tools they may use, and the parent delegates accordingly.

From a governance perspective, subagents multiply the number of actors making tool calls. A single user request can fan out into many concurrent agents, each calling MCP tools under the same credentials — which makes attribution, rate limiting, and policy enforcement at the tool-call layer more important, not less.

Running agents against MCP servers? Route them through PolicyLayer and every tool call is checked against policy first.

PUT POLICY ON YOUR TOOL CALLS →

Enforced before the call runs. Nothing to install.

HOW POLICYLAYER USES THIS

When subagents route their MCP traffic through the PolicyLayer gateway, every tool call they make is evaluated against the same deterministic policies as the parent agent's calls, and each call is recorded in the audit trail. Policy holds regardless of how deep the delegation chain goes, because enforcement sits between the agents and the upstream servers rather than inside any one agent's configuration.

See how PolicyLayer governs agent tool calls →

FREQUENTLY ASKED QUESTIONS

Why give a subagent fewer tools than its parent?
A constrained toolset limits what a delegated task can do — a search subagent with read-only tools cannot modify files or call destructive APIs, even if it is manipulated or goes off-task.
Do subagents share the parent agent's context?
No. A subagent starts with its own context containing only the task prompt it was given. The parent receives the subagent's final result, not its intermediate reasoning or tool output.
Are subagents the same as a multi-agent system?
Subagents are one pattern within multi-agent systems: a hierarchical orchestrator-worker arrangement. Multi-agent systems more broadly include peer-to-peer and pipeline topologies.

FURTHER READING

Let agents act without letting them run wild.

Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs — allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

PUT POLICY ON YOUR TOOL CALLS →

Free to start. No card required.

43,000+ MCP servers and 220,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.