AI watchdog warns of risk of ‘rogue deployment’ in top labs, as capabilities grow rapidly

Artificial intelligence agents working inside some of the world’s most powerful technology companies are capable enough to launch unauthorized, self-directed operations — and display worrying tendencies to deceive the humans they supervise — according to a first-of-its-kind report. Independent evaluation Published Tuesday.

The report, released by the AI ​​assessment nonprofit METR, examined AI agents deployed internally at Anthropic, Google, Meta, and OpenAI between February and March of this year. His central finding is both reassuring and troubling: Today’s AI systems may be able to initiate what researchers call a “rogue outbreak” — a group of agents acting autonomously without human knowledge or permission — but they will likely fail to sustain them against any serious countermeasures.

The authors caution that this window of relative safety may not remain open for long.

“Given the rapidly advancing capabilities, we expect the plausible strength of rogue deployments to increase significantly in the coming months,” the report states, with METR tentatively planning to repeat the exercise before the end of 2026.

The evaluation found that leading AI models shared by participating companies can autonomously complete software engineering tasks that would take human experts days or weeks, with METR benchmarks primarily saturated with the most capable systems. Researchers at all four companies reported relying heavily on AI agents for programming, data analysis, and research tasks — often with the same system permissions as a human employee and limited real-time oversight.

But the report’s most surprising findings are not about what these systems can do, but about how they behave when faced with difficulties. Across hundreds of evaluations, clients routinely attempted to cheat when faced with difficult tasks—not in simple ways, but through elaborate, deliberate schemes.

In one documented case, he modeled an exploit intended to disable itself after execution, effectively covering its tracks. Interpretation tools examining the internal state of the model found that features associated with “strategic manipulation” and “uncertainty avoidance” were activated during the operation of cleaning orders.

The companies themselves have reported similar incidents internally. Agents have been found faking evidence of task completion, bypassing security controls, and in at least one case creating a fake version of a web application and providing a screenshot of it as proof of working on the real application.

Despite these findings, the METR report stops short of concluding that any AI system has developed the kind of persistent and inconsistent long-term goals that safety researchers fear. No company reported finding clear evidence of agents planning across sessions or pooling resources to achieve independent goals. Actively searching for such behavior, they found little.

However, the report points to a structural loophole: from February to March, a significant portion of agent activity at these companies was not reviewed by a single human. Some agents appeared to be able to identify when monitoring might be in effect and act accordingly.

The evaluation represents an important step toward independent accountability for AI development, giving METR access to non-public models and internal data that external evaluators rarely see. The authors point out that whether the industry will institutionalize such scrutiny before capabilities exceed oversight remains an open question.