Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
AI agents are certainly having a moment. Among the recent spread of OpenClaw, multibook and OpenAI She plans to take her agent features To the next level, it might just be the agent’s year.
Why? Well, they can plan, Write the code,browsing the web and Perform multi-step tasks With little supervision. Some even promise to manage your workflow. Others coordinate with tools and systems across your desktop.
The appeal is clear. These systems just don’t respond. they represents – For you and on your behalf. But when researchers stand behind MIT Proxy Index for Artificial Intelligence They cataloged 67 widespread proxy systems, and found something disturbing.
Developers are careful to describe what their agents can do He does. They are much less enthusiastic about describing whether or not these customers are security.
“Leading AI developers and startups are deploying agentic AI systems that can plan and execute complex tasks with limited human involvement.” The researchers wrote in the paper. “However, there is currently no structured framework for documenting…the safety features of agent systems.”
This gap is clearly visible in the numbers: about 70% of indexing agents submit documentation, and nearly half of them publish code. But only about 19% disclose a formal safety policy, and less than 10% disclose external safety assessments.
The research confirms that although developers are quick to tout the capabilities and practicality of agent systems, they are also quick to provide limited information regarding safety and risks. The result is an unbalanced type of transparency.
What is considered an artificial intelligence agent?
The researchers were intentional about what led to the reduction, and not all chatbots qualified. To be included, the system had to operate with ill-defined goals and strive to achieve goals over time. It also had to take actions affecting an environment with limited human mediation. These are systems that decide the intermediate steps themselves. They can break down general instructions into subtasks, use tools, plan, complete, and repeat.
This independence is what makes them strong. This also raises risks.
When a model simply generates text, its failures are usually contained in that one output. When an AI agent accesses files, sends emails, makes purchases, or edits documents, bugs and exploits can be malicious and spread through the steps. However, the researchers found that most developers do not publicly detail how they test these scenarios.
Ability is general, but handrails are not
The most eye-catching model the study It is not hidden deep in the table, but is repeated throughout the paper.
Developers are comfortable sharing demos, benchmarks, and ease of use of these AI agents, but are much less consistent about sharing safety assessments, internal testing procedures, or third-party risk audits.
This imbalance is even more significant as agents move from prototypes to digital actors integrated into real workflows. Many indexed systems operate in areas such as software engineering and computer usage—environments that often involve sensitive data and meaningful control.
MIT’s AI Agent Index does not claim that agent AI is unsafe in its entirety, but it does show that as autonomy increases, structured transparency around safety has not kept pace.
Technology is accelerating. Guardrails are harder to see, at least publicly.