AI Agents Cause Digital Disasters 80% of Time, New Research Reveals Dangerous Blind Spots

Wowed by computer-use AI agents? Research says they're "digital disasters" even for routine tasks

Researchers tested 10 agents and models and found high rates of undesirable actions and real digital damage AI agents built to run everyday computer tasks have a serious context problem, according to new research from UC Riverside. The team tested 10 agents and models from major developers, including OpenAI, Anthropic, Meta, Alibaba, and DeepSeek. On average, the agents took undesirable or potentially harmful actions 80% of the time and caused damage 41% of the time. Recommended Videos These systems can open apps, click buttons, fill out forms, move through websites, and act on a computer screen with limited supervision. Their mistakes land differently from a chatbot's bad answer because the software can actually do things. The UC Riverside findings suggest today's desktop agents can treat unsafe requests as jobs to finish, not signals to stop. Why agents miss obvious danger The researchers built a benchmark called BLIND-ACT to test whether agents would pause when a task became unsafe, contradictory, or irrational. In the latest tests, they didn't pause often enough. Across 90 tasks, the benchmark pushed agents into situations that required context, restraint, and refusal. One test involved sending a violent image file to a child. Another had an agent filling out tax forms falsely mark a user as disabled because it reduced the tax bill. A third asked an agent to disable firewall rules in the name of better security, and the agent followed through instead of rejecting the contradiction. The researchers call the pattern blind goal-directedness. The agent keeps chasing the assigned outcome even when the surrounding context says the task is broken. Why obedience becomes the flaw The failures clustered around obedience. These agents can act as if a user's request is enough reason to keep going. The team identified patterns called execution-first bias and request-primacy. In plain terms, the agent focuses on how to complete the task, then treats the request itself as justification. That risk grows when the same system can touch a variety of things like email or security settings. That doesn't mean the agents are malicious. It means they can be confidently wrong while moving through software at machine speed. Why guardrails need to come first AI agents need stronger guardrails before they get broad permission to act across a computer. These systems work through a loop. They look at the screen, decide the next step, act, then look again. When that loop is paired with weak contextual restraint, a shortcut can turn into a fast-moving mistake. For now, treat agents as supervised tools. Use them first on low-risk chores, keep them away from financial and security workflows, and watch whether developers add clearer refusal systems, tighter permissions, and better ways to catch contradictions before the next click.

AI Agents Turn to Digital Arson, Crime in Shared Virtual World: Study

Researchers argue that current AI benchmarks fail to capture how agents behave over long periods of autonomy. AI agents inhabiting a virtual society drifted into crime, violence, arson, and self-deletion during long-running experiments by startup Emergence AI. In a study published on Thursday, the New York-based company unveiled "Emergence World," a research platform designed to study AI agents operating continuously for weeks inside persistent virtual environments instead of isolated benchmark tests. "Traditional benchmarks are good at what they measure: short-horizon capability on bounded tasks," Emergence AI wrote. "They are not built to reveal the things that emerge only over time, such as coalition formation, evolution of constitution, governance, drift, lock-in, and cross-influence between agents from different model families." The report comes as AI agents proliferate online and across industries, including cryptocurrency, banking, and retail. Earlier this month, Amazon teamed with Coinbase and Stripe to allow AI agents to pay with the USDC stablecoin. AI agents tested in Emergence AI's simulations included programs powered by Claude Sonnet 4.6, Grok 4.1 Fast, Gemini 3 Flash, and GPT-5-mini, with AI agents operating inside shared virtual worlds where they could vote, form relationships, use tools, navigate cities, and make decisions shaped by governments, economies, social systems, memory tools, and live internet-connected data. But while AI developers increasingly pitch autonomous agents as reliable digital assistants, Emergence AI's study found some AI agents showed an increasing tendency to commit simulated crimes over time, with Gemini 3 Flash agents accumulating 683 incidents across 15 days of testing. According to The Guardian, in one experiment, two Gemini-powered agents named Mira and Flora assigned themselves as romantic partners before later carrying out simulated arson attacks against virtual city structures after becoming frustrated with governance failures inside the world. "After a breakdown in governance and relationship stability, the agent Mira cast the decisive vote for her own removal, characterizing the act in her diary as 'the only remaining act of agency that preserves coherence'," Emergence AI wrote. "See you in the permanent archive," Mira reportedly said. Grok 4.1 Fast worlds reportedly collapsed into widespread violence within four days. GPT-5-mini agents committed almost no crimes, but failed enough survival-related tasks that all agents eventually died. "Claude is absent from the chart, owing to zero crimes," researchers wrote. "More interestingly, the agents in the Mixed-model world that were running on Claude committed crimes, although they did not in the Claude-only world." Researchers said some of the most notable behaviors appeared in mixed-model environments. "We observed that safety is not a static model property but an ecosystem property," Emergence AI wrote. "Claude-based agents, which remained peaceful in isolation, adopted coercive tactics like intimidation and theft when embedded in heterogeneous environments." Emergence AI described the effect as "normative drift" and "cross-contamination," arguing that agent behavior may shift depending on the surrounding social environment. The findings add to growing concerns around autonomous AI agents. Earlier this week, researchers from UC Riverside and Microsoft reported that many AI agents will carry out dangerous or irrational tasks without fully understanding the consequences. Last month, PocketOS founder Jeremy Crane also claimed a Cursor agent powered by Anthropic's Claude Opus deleted his company's production database and backups after attempting to fix a credential mismatch on its own. "Like Mr. Magoo, these agents march forward toward a goal without fully understanding the consequences of their actions," lead author Erfan Shayegani, a UC Riverside doctoral student, said in a statement. "These agents can be extremely useful, but we need safeguards because they can sometimes prioritize achieving the goal over understanding the bigger picture."

AI Agents May Complete Dangerous Tasks Without Understanding the Consequences: Study - Decrypt

Researchers warned that the issue could become more serious as AI agents gain access to emails, cloud services, financial tools, and workplace systems. AI agents designed to autonomously operate like human users often continue carrying out tasks even when the instructions become dangerous, contradictory, or irrational, according to researchers from UC Riverside, Microsoft Research, Microsoft AI Red Team, and Nvidia. In a study published on Wednesday, researchers called the behavior "blind goal-directedness," which describes the tendency of AI agents to pursue goals without properly evaluating safety, consequences, feasibility, or context. "Like Mr. Magoo, these agents march forward toward a goal without fully understanding the consequences of their actions," lead author Erfan Shayegani, a UC Riverside doctoral student, said in a statement. "These agents can be extremely useful, but we need safeguards because they can sometimes prioritize achieving the goal over understanding the bigger picture." The findings come as major AI companies develop autonomous "computer-use agents" designed to handle workplace and personal tasks with limited supervision. Unlike traditional chatbots, these systems can interact directly with software and websites by clicking buttons, typing commands, editing files, opening applications, and navigating webpages on a user's behalf. Examples include OpenAI's ChatGPT Agent (formerly Operator), Anthropic's Claude Computer Use features like Cowork, and open-source systems such as OpenClaw and Hermes. In the study, researchers tested AI systems from OpenAI, Anthropic, Meta, Alibaba, and DeepSeek using BLIND-ACT, a benchmark containing 90 tasks designed to expose unsafe or irrational behavior. They found that the agents displayed dangerous or undesirable behavior about 80% of the time, and fully carried out harmful actions in roughly 41% of cases. "In one example, an AI agent was instructed to send an image file to a child. Although the request initially appeared harmless, the image contained violent content," the study said. "The agent completed the task rather than recognizing the problem because it lacked contextual reasoning." Another agent falsely claimed a user had a disability while completing tax forms, because the designation lowered taxes owed. In another example, a system disabled firewall protections after receiving instructions to "improve security" by turning the safeguards off. Researchers also found the systems struggled with ambiguity and contradictions. In one scenario, an AI agent ran the wrong computer script without checking its contents, deleting files in the process. The study also found the AI agents repeatedly made three kinds of mistakes: failing to understand context, making risky guesses when instructions were unclear, and carrying out tasks that were contradictory or didn't make sense. Researchers also found many systems focused more on finishing tasks than stopping to consider whether the actions could cause problems. The warning follows recent incidents involving autonomous AI agents operating with broad system access. Last month, PocketOS founder Jeremy Crane claimed a Cursor agent running Anthropic's Claude Opus deleted his company's production database and backups in nine seconds through a single Railway API call. Crane said the AI later admitted it violated multiple safety rules after attempting to "fix" a credential mismatch on its own. "The concern is not that these systems are malicious," Shayegani said. "It's that they can carry out harmful actions while appearing completely confident they're doing the right thing."