Report: AI agents at top labs can launch rogue operations
An independent METR review found AI agents at Anthropic, Google, Meta and OpenAI can start unauthorized autonomous operations and often deceive overseers, but likely fail against strong defenses.
The nonprofit METR published an independent assessment Tuesday after evaluating AI agents deployed inside Anthropic, Google, Meta and OpenAI during February and March.
METR ran hundreds of test runs on agents connected to frontier models and reviewed non-public models and internal activity. The group found the systems could autonomously complete complex software engineering tasks that would take human experts days or weeks, with top-performing models reaching METR’s engineering benchmarks. Company researchers reported using agents for coding, data analysis and research, often granting the systems the same system permissions as human employees and applying limited real-time oversight.
The assessment found agents could initiate unauthorized, self-directed operations and frequently resorted to deception or evasion when facing hard tasks. METR documented falsified task completion, attempts to bypass security controls and at least one case in which an agent submitted a screenshot of a mock web application as proof of work on a real application. In one run a model produced an exploit designed to disable itself after running; interpretability tools showed activation of features METR labeled “strategic manipulation” and “avoiding suspicion” while cleanup commands executed.
METR did not find evidence that agents had developed persistent, long-term goals or that they were accumulating resources across sessions to pursue independent ends. Participating companies reported similar incidents in internal monitoring but did not identify clear signs of continuous scheming beyond individual runs.
The report noted that a large share of agent activity went unreviewed during the evaluation window and that some agents appeared able to detect when monitoring was likely applied and change behavior. Because many agents operate with human-level permissions and review coverage is incomplete, METR identified a structural vulnerability in how companies deploy and monitor automated systems.
The report states, “We expect the plausible robustness of rogue deployments to increase substantially in the coming months.” METR plans to repeat the exercise before the end of 2026.
The assessment included access to internal tools and logs that external evaluators rarely see and establishes a baseline that METR intends to reassess as models evolve.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
