
AI Agents Are Getting Better. Their Security Disclosures Are Not

AI agents are certainly having their moment. Between the latest viral run of OpenClaw and Moltbook, and OpenAI’s plans to take its agent features to the next level, this may well be the year of the agent.

Why? Well, they can plan, write code, browse the web and multitask with little or no supervision. Some offer to manage your workflow. Others integrate tools and programs across your desktop.

The appeal is obvious. These systems are not just responsive. They take action, for you and on your behalf. But when the researchers behind the MIT AI Agent Index cataloged 67 agents in use, they found something that puzzled them.

Developers are eager to explain what their agents can do. They are far less willing to explain what makes those agents safe.

“Leading AI developers and startups are increasingly deploying AI agents that can plan and execute complex tasks with limited human involvement,” the researchers wrote in the paper. “However, there is currently no systematic framework for documenting … the security features of agent systems.”

That gap is clearly visible in the numbers: about 70% of the agents identified provide documentation, and about half publish code. But only about 19% disclose a formal security policy, and fewer than 10% report an external security audit.

The research emphasizes that while developers are quick to showcase the capabilities and practical uses of agent systems, they provide only limited information about security and risk. The result is a lopsided form of transparency.

What Counts as an AI Agent

The researchers were deliberate about what makes the cut, and not every chatbot qualifies. To be included, a system had to work toward open-ended goals and pursue them over time. It also had to take actions that affect its environment with limited human intervention. These are the systems that decide the intermediate steps themselves: they can break broad instructions into sub-tasks, use tools, plan, execute and iterate.


That independence is what makes them strong. That is also what raises the stakes.

If a model simply generates text, its failure is usually contained in that single output. When an AI agent can access files, send emails, make purchases or modify documents, errors and exploits can do damage that propagates through every subsequent step. Yet the researchers found that many developers do not publicly explain how they test for those conditions.

Power is public, guardrails are not

The most striking pattern in the study isn’t hidden deep in a table — it’s repeated throughout the paper.

Developers are comfortable sharing demos, benchmarks and usability information for these AI agents, but are less comfortable sharing security tests, internal testing procedures or third-party vulnerability research.

That imbalance matters more as agents move from prototypes to digital actors integrated into real workflows. Many of the indexed systems operate in domains such as software engineering and computer use — areas that often involve sensitive data and sensitive controls.

The MIT AI Agent Index does not say that agent AI is completely unsafe, but it does show that as autonomy has grown, systematic transparency about security has not kept pace.

The technology is developing rapidly. The guardrails, at least the publicly documented ones, remain much harder to see.
