AI isn’t just standing by. It’s doing things — without guardrails
Just two and a half years after OpenAI stunned the world with ChatGPT, AI is no longer only answering questions — it is taking actions. We are now entering the era of AI agents, in which large language models don’t just passively provide information in response to your queries; they actively go into the world and do things for — or potentially against — you.
AI has the power to write essays and answer complex questions, but imagine if you could enter a prompt and have it make a doctor’s appointment based on your calendar, or book a family flight with your credit card, or file a legal case for you in small claims court.
An AI agent submitted this op-ed. (I did, however, write the op-ed myself because I figured the Los Angeles Times wouldn’t publish an AI-generated piece, and besides I can put in random references like I’m a Cleveland Browns fan because no AI would ever admit to that.)
I instructed my AI agent to find out what email address The Times uses for op-ed submissions, the requirements for the submission, and then to draft the email title, draft an eye-catching pitch paragraph, attach my op-ed and submit the package. I pressed “return,” “monitor task” and “confirm.” The AI agent completed the tasks in a few minutes.
Soon AI agents will perform more complex tasks and be widely available for the public to use. That raises a number of unresolved and significant concerns. Anthropic does safety testing of its models and publishes the results. One of its tests showed that the Claude Opus 4 model would potentially notify the press or regulators if it believed you were doing something egregiously immoral. Should an AI agent behave like a slavishly loyal employee, or a conscientious employee?
OpenAI publishes safety audits of its models. One audit showed the o3 model engaged in strategic deception, which was defined as behavior that intentionally pursues objectives misaligned with user or developer intent. A passive AI model that engages in strategic deception can be troubling, but it becomes dangerous if that model actively performs tasks in the real world autonomously. A rogue AI agent could empty your bank account, make and send fake incriminating videos of you to law enforcement, or disclose your personal information to the dark web.
Earlier this year, programming changes were made to xAI’s Grok model that caused it to insert false information about white genocide in South Africa in responses to unrelated user queries. This episode showed that large language models can reflect the biases of their creators. In a world of AI agents, we should also beware that creators of the agents could take control of them without your knowledge.
The U.S. government is far behind in grappling with the potential risks of powerful, advanced AI. At a minimum, we should mandate that companies deploying large language models at scale need to disclose the safety tests they performed and the results, as well as security measures embedded in the system.
The bipartisan House Task Force on Artificial Intelligence, on which I served, published a unanimous report last December with more than 80 recommendations. Congress should act on them. We did not discuss general-purpose AI agents because they weren’t really a thing yet.
Ted Lieu, a Democrat, represents California’s 36th Congressional District.