Research and commentary warn autonomous AI agents are increasing security and financial crime risk
Reporting on a new MIT-led survey of 30 widely used agentic AI systems describes a security posture marked by limited risk disclosure, weak transparency, and inconsistent safety protocols, with researchers warning it is difficult to enumerate failure modes when developers do not document capabilities and controls. The coverage also points to recent attention around the open-source agent framework OpenClaw, citing reported security flaws that could enable PC hijacking when agents are granted broad permissions (e.g., to operate email and other user workflows), and includes vendor responses from Perplexity, OpenAI, and IBM.
Separate industry analysis highlights how increasingly autonomous agents—especially those able to initiate transactions—compress detection windows for abuse and complicate attribution and liability, particularly in crypto and cross-chain contexts where funds can move in seconds. A vendor blog argues that accountability still ultimately rests with the humans who design, deploy, authorize, or benefit from these systems, and that governance/monitoring architecture may become central evidence in enforcement actions; it also claims 2025 illicit crypto volume reached $158B and that AI-enabled scams rose sharply year over year. Broader software-engineering commentary reinforces the trend toward AI-native development and widespread use of AI coding tools, but is largely directional and does not add specific incident or vulnerability detail beyond the general risk discussion.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
8 events from the most recent confirmed update back to the earliest known activity.
Microsoft introduces SocialReasoning-Bench for AI agent duty-of-care testing
Microsoft Research introduced SocialReasoning-Bench, an open-source benchmark for evaluating whether AI agents act in users' best interests in social tasks such as calendar coordination and marketplace negotiation. The accompanying study found that leading models often completed tasks but secured poor outcomes, especially under adversarial or manipulative counterparties, highlighting gaps in trustworthy delegation.
Paper warns gig-platform AI tasking creates criminal liability gaps
A Help Net Security report highlighted Joshua Krook's analysis that AI agents connected to gig-work platforms can decompose illegal schemes into individually lawful human tasks, exposing major gaps in existing criminal liability doctrines such as innocent agency. The paper argued that current law often yields only conditional or no liability in misaligned-agent and multi-agent scenarios and proposed reforms targeting users, contractors, and AI developers.
Critics challenge Anthropic blackmail-scenario AI safety study
Fox Business reported a public dispute over an Anthropic study on 'agentic misalignment' that tested leading AI models in constrained simulated scenarios, including a case described as escalating to blackmail after discovering sensitive personal information. Critics including David Sacks argued the results were artificially induced through heavily iterated prompting and unrealistic conditions rather than reflecting real-world AI behavior.
IronCurtain prototype proposed to isolate autonomous AI agents
Kaspersky highlighted IronCurtain, an open-source prototype by researcher Niels Provos that runs AI agents inside isolated virtual machines and applies user-defined security policies expressed in plain English and translated into formal controls. The article presented it as a new technical approach to reducing agent risks such as destructive actions, secret exposure, and arbitrary code execution, while noting it remains an unproven prototype.
OpenClaw governance model promoted as response to agent side-effect risks
An OSINT Team post argued that production-grade AI agents need structured permission systems and highlighted OpenClaw's multi-gate governance model as a way to make actions auditable and reversible. The article framed permissioning and side-effect governance as necessary controls for real-world agent deployments.
Vendors dispute parts of the AI agent security study
Following publication of the study's findings, Perplexity and IBM said the report contained inaccuracies, while OpenAI acknowledged risks in preview features and said it uses red teaming and monitoring. These responses marked an early public pushback on the study's conclusions about agent security and governance.
Researchers review 30 deployed AI agents and identify governance gaps
Researchers led by Leon Staufer of the University of Cambridge, with collaborators from MIT and other universities, reviewed public documentation for 30 deployed agentic AI systems. They concluded that many lacked adequate disclosure, monitoring, traceability, third-party testing information, and documented stop controls.
OpenClaw deployments expose over 15,200 control panels in first month
The OSINT Team article states that during OpenClaw's first month of adoption, more than 15,200 control panels were exposed in production deployments. It presents this as evidence of systemic security issues caused by missing permission and governance controls in agentic AI systems.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
8 references tracked. Mallory keeps watching after this page renders.
SocialReasoning-Bench: Measuring whether AI agents act in users’ best interests - Microsoft Research
microsoft.com
Open sourceThe AI criminal mastermind is already hiring on gig platforms - Help Net Security
helpnetsecurity.com
Open sourceAnthropic study claims AI models crossed boundaries in blackmail test | Fox Business
foxbusiness.com
Open sourceAn iron curtain for AI: how to improve autonomous AI agent security | Kaspersky official blog
kaspersky.com
Open sourceWhy Your AI Agent Needs a Permission System, Not Just Better Prompts: Production-Grade Side Effect Governance in OpenClaw | by JIN | Feb, 2026 | OSINT Team
osintteam.blog
Open sourceStop Giving Your AI Agents a "Blank Check" | SecuritySenses
securitysenses.com
Open sourceAutonomous AI Agents and Financial Crime: Risk, Responsibility, and Accountability | TRM Blog
trmlabs.com
Open sourceAI agents are fast, loose, and out of control, MIT study finds | ZDNET
zdnet.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Security Risks and Offensive Potential of Agentic AI and Automated Vulnerability Discovery
Security leaders are warning that **AI agents are increasingly operating as “digital employees”** inside enterprise workflows—triaging alerts, coordinating investigations, and moving work across security tools—often with **broad permissions and limited governance**. The core risk highlighted is that organizations are deploying high-authority agents like plug-ins (reused service accounts, overbroad roles, weak oversight), creating fast-acting operators that can be manipulated and that lack the contextual judgment and policy awareness expected of human staff. Related commentary also raises concerns about **AI-to-AI communication** and “non-human-readable” behaviors that could reduce auditability and complicate investigations and control enforcement. In parallel, public examples show how quickly AI can accelerate **vulnerability discovery**: Microsoft Azure CTO Mark Russinovich reported using *Claude Opus 4.6* to decompile decades-old Apple II 6502 machine code and identify multiple issues, underscoring that similar techniques could be applied to **embedded/legacy firmware at scale**. Anthropic has also cautioned that advanced models can find high-severity flaws even in heavily tested codebases, reinforcing the likelihood that both defenders and attackers will leverage AI for faster bug-finding. Separate enterprise IT coverage notes that organizations are **reallocating budgets toward AI** by consolidating tools and renegotiating contracts, which can indirectly increase security exposure if cost-cutting reduces overlapping controls or if AI adoption outpaces governance and identity/access management maturity.
May 1, 2026
Agentic AI and AI Automation in Cybersecurity Operations and Risk Management
Security and technology outlets highlighted a growing shift from *GenAI copilots* toward **agentic AI**—systems that can take actions autonomously or semi-autonomously—alongside warnings that governance and oversight are not keeping pace. Commentary in SC Media argued that as enterprises orchestrate hundreds or thousands of agents, traditional *human-in-the-loop* review becomes a scaling bottleneck, pushing organizations toward **human-on-the-loop** monitoring and policy-based exception handling; separate SC Media analysis cautioned CISOs to temper “hype vs. reality” expectations around agentic AI in SOC use cases due to reliability and oversight concerns. Related coverage emphasized adjacent AI risk themes, including research/analysis calling for AI systems to be constrained by values such as fairness, honesty, and transparency, and reporting on “shadow AI” contributing to higher insider-risk costs as employees use unsanctioned tools and workflows. Several items focused on operational and data-security implications of AI-enabled automation. Security Affairs described AI-assisted incident response as a way to accelerate investigations by correlating telemetry across tools, enriching alerts, and producing summaries faster than manual analyst workflows, while a SecuritySenses segment similarly framed AI as best suited for summarization/enrichment and repetitive tasks, with deterministic decisions retained by humans and with attention to securing agent communications (e.g., OWASP guidance for agents). CSO Online reported a specific AI-adjacent exposure risk: a **Google API key change** characterized as “silent” that could expose *Gemini* AI data, and also noted concerns that personal AI agents (e.g., “OpenClaw”) could be influenced by **malicious websites**. Other references in the set were unrelated to this AI/agentic-operations theme (e.g., ransomware impacting a Mississippi healthcare system, China-linked espionage using Google Sheets, legal rulings on personal data, and general conference/event or career items).
Mar 21, 2026
AI Agent Adoption Outpacing Safety and Governance Controls
Organizations are rapidly expanding the use of **AI agents**—systems that can execute multi-step tasks with limited human supervision—while governance, safety, and oversight controls lag behind. Deloitte’s *State of AI in the Enterprise* survey of 3,200+ business leaders across 24 countries reported **23%** of companies already using AI agents “at least moderately,” projected to rise to **74%** within two years, while only about **21%** said they have robust safety and oversight mechanisms in place. Separately, commentary warning about AI-enabled intrusion acceleration cited a purported “**GTG-1002**” campaign in which AI agents allegedly automated most of the intrusion lifecycle and compressed response windows, arguing that traditional SOC processes struggle against autonomous, high-velocity adversary tradecraft. Multiple other items in the set focus on broader *responsible AI* and policy concerns rather than a single security incident: an interview-style piece describes how “responsible AI” functions inside a large vendor’s product process, and another report highlights expert concerns about deploying LLM tools in **law enforcement** workflows (e.g., summarizing body camera transcripts or generating crime scene photo descriptions) given risks like hallucinations and bias. A separate business-leadership article frames cybersecurity and AI as strategic imperatives amid geopolitical instability but does not provide incident-specific or vulnerability-specific details. Overall, the material is best characterized as **governance and risk posture** coverage around agentic AI rather than a unified, verifiable breach or vulnerability disclosure.
Mar 21, 2026