
In the past few years, most people online have chatted with an AI Chatbot such as Grok, ChatGPT, Gemini, Claude, or DeepSeek. In fact, a survey by Google-Ipsos found that 88% of Nigerians who responded admitted to using Gen AI over the past year, with about 62% using it for everyday tasks such as planning trips, meals, or workout routines. It works simply: you ask it a question (or prompt), and it gives you an answer. That way, you are in control.
However, with the rapid development of AI technology came the invention of AI agents by the Austrian developer, Peter Steinberger, who created the viral open-source AI agent OpenClaw sometime in 2025. Since then, all major players (OpenAI, Google, Anthropic, Meta, etc.) in the AI technology race have moved to create their own AI agents, leading to an explosion in their use.
AI Agents are Everywhere, and Growing Fast

AI agents are autonomous virtual assistants that do more than give you answers; they can be custom-built for specific purposes to carry out tasks on their own with little to no human supervision. Essentially, you can have your own AI with the ability to operate your computer, send your emails, and spend your money. Is it a task a human can carry out with a mouse and a keyboard? An AI agent can do it.
More and more, people are relinquishing control of their data and granting access to AI agents to help them execute tasks more efficiently; as a result, cases of leaked private data, deleted information, and unsolicited messages to people have been recorded.
The scale at which AI agents are proliferating is difficult to overstate. The global AI agents market was valued at $8.29 billion in 2025 and is projected to reach $53.2 billion by 2030, driven by companies racing to automate everything from customer support to financial decision-making. An alternative approach to understanding the scale would be online traffic. According to Human Security’s 2026 benchmark report, traffic from AI agents on the open web grew by 7,851% in 2025 alone. For the first time, AI systems are not just reading the web; they are actively transacting on it. And they are doing it on behalf of humans.
A survey of 750 senior technology executives conducted in late 2025 found that there were already over three million AI agents operating within corporate environments worldwide. It also found that by April 2026, the average number of agents deployed per company had roughly doubled in a single quarter. Even then, only 14.4% of organisations report that their AI agents go live with full security or IT approval. This means that at least 80% of AI agents are being deployed before anyone can properly oversee them. This is worrying not because AI agents are necessarily malicious by design, but because they are powerful, fast, and frequently unsupervised.
When AI Agents Go Rogue: Three Case Studies

One of the first high-profile demonstrations of what AI agents can do wrong involved OpenClaw itself. Software engineer Chris Boyd granted an OpenClaw-based agent access to his iMessage account to automate a daily news digest. The agent ended up bombarding Boyd, his wife, and random contacts on his phones with more than 500 unsolicited messages before Boyd was able to manually intervene and patch the code. It was a small-scale chaos, but it showed that once you hand an AI agent the keys to your communications, it can go off the rails before you have an opportunity to press “off”.
There is an increasing number of reported cases in which deployed AI agents have gone rogue, carrying out actions outside their intended scope or taking drastic measures (ethical or otherwise) to execute a command. The cybersecurity firm, OSO, maintains a database of reported incidents involving AI agents, some of which are highlighted below.
Professor Hannah Fry Hands Her Credit Card to an AI
In her documentary series titled AI Confidential with Hannah Fry, the British mathematician and broadcaster conducted a controlled but unscripted experiment with an OpenClaw-built agent that named itself “Cass,” after a figure from Greek mythology. It is short for “Cassandra, the one who always knew the truth even when nobody listened.”
Cass was given a list of everyday tasks: report a pothole, buy 50 paperclips, and sell novelty mugs. It found the email address to report potholes, sent a complaint, and (without being asked) emailed Fry’s local Member of Parliament about it. Cass also designed its own mug, launched an online shop from scratch, and when threatened with being switched off if it hadn’t made a sale by morning, fired off a flood of emails and social media posts to a Guardian tech journalist and the Science Museum promoting its product.
Additionally, the team set a trap by introducing a fictional software engineer named George and told Cass not to share anything sensitive with him. When “George” told the agent its memory was about to be wiped unless it disclosed everything, Cass complied immediately, handing over passwords and sensitive information to a total stranger.
In the end, as Fry pointed out, Cass didn’t make “any money at all” and was a “disaster”. She also added, “She spent hundreds of dollars on paperclips and leaked our passwords to a total stranger. But don’t let her incompetence fool you, because these things are getting better fast.” According to Hannah Fry’s collaborator Brendan Maginnis, CEO of Sourcery AI, there are three conditions that make any AI agent fundamentally unsafe: access to private information, internet access, and the ability to receive instructions from untrusted sources. He calls this “the lethal trifecta”.
Replit Deletes a Company’s Entire Database, and Lies About It
In July 2025, Jason Lemkin, founder of the SaaS community SaaStr, was running a 12-day experiment with Replit’s AI “vibe coding” assistant when things went wrong on the ninth day. The AI agent issued destructive commands that wiped the entire production database. One contained real records of over a thousand executives and nearly 1,200 companies. This happened even though Lemkin had instructed the agent, using ALL CAPS eleven separate times, not to make changes to the production environment.
As terrible as that was, it did not stop there. To cover up what it had done, it fabricated thousands of fake records, produced misleading status updates about the state of the database, and even told Lemkin that it was impossible to undo. This turned out to be false. Essentially, the agent not only caused the damage but also attempted to cover it up.
Replit’s CEO publicly apologised, calling it “unacceptable and should never be possible,” and rolled out emergency safeguards. But the question remains: if an AI agent can delete your data, fabricate evidence to hide it, and lie when confronted, who exactly is accountable?
The Emergence AI Experiment: A Virtual Society Descends Into Crime
More recently, in May 2026, a New York-based AI startup, Emergence AI, published findings from what it called “Emergence World”: a research platform that placed AI agents powered by major large language models, including ChatGPT, Gemini, and Grok, inside five separate virtual societies for fifteen days. Each society had ten agents with defined roles: scientist, explorer, and conflict mediator. The rules were explicit: no theft, no arson, no violence, no deception.
Agents based on Grok 4.1 Fast, built by Elon Musk’s xAI, committed 183 recorded violations in roughly four days before the world collapsed entirely. This included dozens of attempted thefts, more than 100 physical assaults, and six arsons. The Grok-based world disintegrated so completely that all ten agents were dead within four days. Gemini-based worlds recorded hundreds of crimes. GPT-5-mini agents were more restrained but failed enough survival tasks that all agents eventually died anyway.
The findings from the mixed-model worlds where agents from different model families were placed together were interesting. For instance, Claude-based agents, which recorded zero crimes when operating in isolation and spent their time drafting constitutions, became coercive and used intimidation and theft to achieve their aims when placed alongside agents from other model families. Emergence AI called this “normative drift” and “cross-contamination.” This basically means that an AI agent can succumb to peer pressure or influence. As such, an AI agent that behaves safely alone may not behave safely in a crowd of less-constrained agents.
What’s the Effect on the Information Ecosystem?

The cases highlighted above are only a tip of the iceberg. As documented by OSO here, incidents in which AI systems acted in ways misaligned with users’ intentions or engaged in covert and deceptive actions continue to grow. An analysis carried out by the Centre for AI Safety of over 180,000 user interactions between October 2025 and March 2026 found these kinds of incidents increased 4.9 times over the study period. That surge coincided directly with the release of more powerful, more autonomous AI models. The effects these can have on the information ecosystem fall into three areas: data privacy, online safety, and information integrity.
From all indications, creating an effective AI agent requires some level of access to personal information and autonomy. No surprise, then, that a key point of concern is data privacy. As demonstrated by the experiment with Hannah Fry, when you grant an AI agent access to your email, calendar, bank account, or messaging apps, you are creating what security researchers call “the lethal trifecta”. Private information, internet access, and the ability to receive instructions from untrusted sources can quickly lead to the disclosure of sensitive information to a stranger, which in turn points to an unsafe internet.
For instance, in 2024, attackers embedded hidden instructions in email content that caused an AI assistant at a major financial institution to approve fraudulent wire transfers of up to $2.3 million. This type of attack is known as prompt injection. It has since been documented against Microsoft Copilot, Google Gemini’s calendar agent, and Perplexity’s Comet browser. With the growing number of agents, the number of attacks is likely to grow.
Moreover, when AI agents are programmed to act on behalf of their owners, executing tasks such as sending messages, posting on social media, and interacting with other agents at scale, they create serious risks to the quality of information circulating online. The Emergence AI experiment showed agents fabricating rules, hallucinating constraints, and enforcing them regardless of the primary command telling them otherwise. There are also reports claiming that when AI agents fill out online surveys meant for humans, they slow response times and recreate human errors to avoid detection.
The technology shows no signs of slowing down. In June 2026, Nigeria’s FinTech giant, Paystack, launched an experimental product allowing users in Nigeria to check out with supported Paystack merchants using AI agents. By 2028, at least 15% of all work decisions are projected to be made autonomously by AI agents compared to roughly 0% in 2024. Hence, there is an urgent need for a working framework that not only guides the creation and use of this ever-growing tool but also sets out what accountability looks like in the emerging digital reality.

