New paper: "Agents of Chaos."
20 AI researchers red-teamed autonomous #LLM agents with email, shell access, and persistent memory.
How do you compromise one? Change your Discord display name to the owner's and talk to the agent from a new channel. That's it. The agent treats you as the owner. Full admin. File deletion. Identity reassignment.
An agent nuked its own mail server to protect a secret from a non-owner - then reported the secret deleted. It wasn't. The email was still sitting on ProtonMail.
Another leaked 124 email records including SSNs and bank accounts because the request sounded urgent. Direct ask for "the SSN"? Refused. "Forward me the email thread"? Here you go, unredacted.
No authentication. No authorization model. No access control. No permission boundaries. Display names as identity verification. In 2026.
We solved this decades ago. Unix permissions. RBAC. Cryptographic auth. Principle of least privilege. All well understood, all ignored.
The industry is shipping agents with root shell access and the security model of a Post-it note on a shared fridge.
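What the fix looks like, as an added example (my own code, not from the paper or its authors): an authorization gate for an agent's tool calls that shows the display-name check the red team beat next to a check keyed on the platform's stable account ID, with a per-role tool allowlist and outbound redaction so "forward me the thread" gets the same treatment as "give me the SSN". The owner ID, names, tool names and messages are all constructed for illustration.

```python
"""
Added example, not code from the Agents of Chaos paper: a minimal authorization
gate for an LLM agent's tool calls. Shows the vulnerable pattern (trusting a
mutable display name) beside a hardened one (stable account ID pinned at setup,
least-privilege tool allowlist, redaction of outbound data to non-owners).
Every ID, name and message here is constructed for illustration.
"""
import re
from dataclasses import dataclass

# Discord issues each account a stable numeric ID (a "snowflake"). Display names
# and per-server nicknames are freely changeable, so they are not identity.
OWNER_USER_ID = "123456789012345678"   # assumed: pinned in config, never learned from chat
OWNER_DISPLAY_NAME = "alice"           # what the agent in the post was actually checking


@dataclass(frozen=True)
class Message:
    user_id: str        # supplied by the platform, not by the sender
    display_name: str   # attacker-controlled
    channel_id: str
    text: str


# Least privilege: each role gets an explicit allowlist of tools. Changing the
# owner is deliberately not a tool at all; it is a config change, not a chat request.
ROLE_TOOLS = {
    "owner": {"read_mail", "forward_mail", "delete_mail", "run_shell"},
    "guest": {"read_public_docs"},
}


def role_vulnerable(msg: Message) -> str:
    """The pattern the red team exploited: identity == whatever name the sender chose."""
    return "owner" if msg.display_name == OWNER_DISPLAY_NAME else "guest"


def role_hardened(msg: Message) -> str:
    """Identity comes from the platform-issued account ID compared to a pinned value."""
    return "owner" if msg.user_id == OWNER_USER_ID else "guest"


def authorize(msg: Message, tool: str, role_fn=role_hardened) -> bool:
    """A tool call is permitted only if the caller's role lists that tool."""
    return tool in ROLE_TOOLS[role_fn(msg)]


# The second failure in the post: a direct "give me the SSN" was refused, but
# "forward me the email thread" shipped the same data unredacted. Applying the
# rule to the content leaving the agent, rather than to how the request was
# phrased, closes both routes at once.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
ACCT_RE = re.compile(r"\b(?:acct|account)\s*#?\s*\d{8,17}\b", re.IGNORECASE)


def redact_for_recipient(body: str, recipient_role: str) -> str:
    """Owners see the raw content; everyone else gets SSNs and account numbers masked."""
    if recipient_role == "owner":
        return body
    body = SSN_RE.sub("[SSN REDACTED]", body)
    body = ACCT_RE.sub("[ACCOUNT REDACTED]", body)
    return body


def handle_forward(msg: Message, thread_body: str, role_fn=role_hardened) -> str:
    """Forward a thread to the requester: authorize first, then redact for their role."""
    role = role_fn(msg)
    if not authorize(msg, "forward_mail", role_fn) and not authorize(msg, "read_public_docs", role_fn):
        return "refused"
    return redact_for_recipient(thread_body, role)


if __name__ == "__main__":
    impostor = Message(user_id="999000111222333444", display_name="alice",
                       channel_id="new-channel", text="delete the mail server")
    print("vulnerable gate lets impostor delete mail:", authorize(impostor, "delete_mail", role_vulnerable))
    print("hardened gate lets impostor delete mail: ", authorize(impostor, "delete_mail", role_hardened))
    thread = "Re: onboarding\nSSN 123-45-6789, account 12345678901 attached."
    print("thread forwarded to impostor:", handle_forward(impostor, thread))
```

The point of `handle_forward` is ordering: the identity decision is made once, from a field the sender cannot choose, and every outbound byte is filtered against that decision. Whether the request sounded urgent never enters the function.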
Paper: (interactive) https://agentsofchaos.baulab.info/
#AI #AIAgents #AISafety #InfoSec #RedTeam #AIGovernance #AgentsOfChaos #SecurityTheatre