They're viable, you just have to think about them differently than how you think about support employees.
With humans, it's acceptable to have an "authenticate a customer" tool and a "reset the customer's password" tool as two separate applications. You can put in the manual that the latter can only be used after the former.
With agents, you can achieve the same outcome, but the constraint needs to be enforced by code, not job training and employee handbooks.
Useful support agents = can do things user doesn’t have permission for = are a vulnerable attack vector.
Or they don’t have permission and are just glorified KB search.