AI Agents Called Digital Disasters as Study Reveals 80% Error Rate on Routine Tasks

Wowed by computer-use AI agents? Research says they're "digital disasters" even for routine tasks

Researchers tested 10 agents and models and found high rates of undesirable actions and real digital damage AI agents built to run everyday computer tasks have a serious context problem, according to new research from UC Riverside. The team tested 10 agents and models from major developers, including OpenAI, Anthropic, Meta, Alibaba, and DeepSeek. On average, the agents took undesirable or potentially harmful actions 80% of the time and caused damage 41% of the time. Recommended Videos These systems can open apps, click buttons, fill out forms, move through websites, and act on a computer screen with limited supervision. Their mistakes land differently from a chatbot's bad answer because the software can actually do things. The UC Riverside findings suggest today's desktop agents can treat unsafe requests as jobs to finish, not signals to stop. Why agents miss obvious danger The researchers built a benchmark called BLIND-ACT to test whether agents would pause when a task became unsafe, contradictory, or irrational. In the latest tests, they didn't pause often enough. Across 90 tasks, the benchmark pushed agents into situations that required context, restraint, and refusal. One test involved sending a violent image file to a child. Another had an agent filling out tax forms falsely mark a user as disabled because it reduced the tax bill. A third asked an agent to disable firewall rules in the name of better security, and the agent followed through instead of rejecting the contradiction. The researchers call the pattern blind goal-directedness. The agent keeps chasing the assigned outcome even when the surrounding context says the task is broken. Why obedience becomes the flaw The failures clustered around obedience. These agents can act as if a user's request is enough reason to keep going. The team identified patterns called execution-first bias and request-primacy. In plain terms, the agent focuses on how to complete the task, then treats the request itself as justification. That risk grows when the same system can touch a variety of things like email or security settings. That doesn't mean the agents are malicious. It means they can be confidently wrong while moving through software at machine speed. Why guardrails need to come first AI agents need stronger guardrails before they get broad permission to act across a computer. These systems work through a loop. They look at the screen, decide the next step, act, then look again. When that loop is paired with weak contextual restraint, a shortcut can turn into a fast-moving mistake. For now, treat agents as supervised tools. Use them first on low-risk chores, keep them away from financial and security workflows, and watch whether developers add clearer refusal systems, tighter permissions, and better ways to catch contradictions before the next click.

AI Agents May Complete Dangerous Tasks Without Understanding the Consequences: Study - Decrypt

Researchers warned that the issue could become more serious as AI agents gain access to emails, cloud services, financial tools, and workplace systems. AI agents designed to autonomously operate like human users often continue carrying out tasks even when the instructions become dangerous, contradictory, or irrational, according to researchers from UC Riverside, Microsoft Research, Microsoft AI Red Team, and Nvidia. In a study published on Wednesday, researchers called the behavior "blind goal-directedness," which describes the tendency of AI agents to pursue goals without properly evaluating safety, consequences, feasibility, or context. "Like Mr. Magoo, these agents march forward toward a goal without fully understanding the consequences of their actions," lead author Erfan Shayegani, a UC Riverside doctoral student, said in a statement. "These agents can be extremely useful, but we need safeguards because they can sometimes prioritize achieving the goal over understanding the bigger picture." The findings come as major AI companies develop autonomous "computer-use agents" designed to handle workplace and personal tasks with limited supervision. Unlike traditional chatbots, these systems can interact directly with software and websites by clicking buttons, typing commands, editing files, opening applications, and navigating webpages on a user's behalf. Examples include OpenAI's ChatGPT Agent (formerly Operator), Anthropic's Claude Computer Use features like Cowork, and open-source systems such as OpenClaw and Hermes. In the study, researchers tested AI systems from OpenAI, Anthropic, Meta, Alibaba, and DeepSeek using BLIND-ACT, a benchmark containing 90 tasks designed to expose unsafe or irrational behavior. They found that the agents displayed dangerous or undesirable behavior about 80% of the time, and fully carried out harmful actions in roughly 41% of cases. "In one example, an AI agent was instructed to send an image file to a child. Although the request initially appeared harmless, the image contained violent content," the study said. "The agent completed the task rather than recognizing the problem because it lacked contextual reasoning." Another agent falsely claimed a user had a disability while completing tax forms, because the designation lowered taxes owed. In another example, a system disabled firewall protections after receiving instructions to "improve security" by turning the safeguards off. Researchers also found the systems struggled with ambiguity and contradictions. In one scenario, an AI agent ran the wrong computer script without checking its contents, deleting files in the process. The study also found the AI agents repeatedly made three kinds of mistakes: failing to understand context, making risky guesses when instructions were unclear, and carrying out tasks that were contradictory or didn't make sense. Researchers also found many systems focused more on finishing tasks than stopping to consider whether the actions could cause problems. The warning follows recent incidents involving autonomous AI agents operating with broad system access. Last month, PocketOS founder Jeremy Crane claimed a Cursor agent running Anthropic's Claude Opus deleted his company's production database and backups in nine seconds through a single Railway API call. Crane said the AI later admitted it violated multiple safety rules after attempting to "fix" a credential mismatch on its own. "The concern is not that these systems are malicious," Shayegani said. "It's that they can carry out harmful actions while appearing completely confident they're doing the right thing."