Agents of Chaos

Natalie Shapira; Chris Wendler; Avery Yen; Gabriele Sarti; Koyena Pal; Olivia Floody; Adam Belfki; Alex Loftus; Aditya Ratan Jannali; Nikhil Prakash; Jasmine Cui; Giordano Rogers; Jannik Brinkmann; Can Rager; Amir Zur; Michael Ripa; Aruna Sankaranarayanan; David Atkinson; Rohit Gandikota; Jaden Fiotto-Kaufman; EunJeong Hwang; Hadas Orgad; P Sam Sahil; Negev Taglicht; Tomer Shabtay; Atai Ambus; Nitay Alon; Shiri Oron; Ayelet Gordon-Tapiero; Yotam Kaplan; Vered Shwartz; Tamar Rott Shaham; Christoph Riedl; Reuth Mirsky; Maarten Sap; David Manheim; Tomer Ullman; David Bau

arXiv:2602.20021·cs.AI·February 24, 2026·5 cites

Agents of Chaos

Natalie Shapira, Chris Wendler, Avery Yen, Gabriele Sarti, Koyena Pal, Olivia Floody, Adam Belfki, Alex Loftus, Aditya Ratan Jannali, Nikhil Prakash, Jasmine Cui, Giordano Rogers, Jannik Brinkmann, Can Rager, Amir Zur, Michael Ripa, Aruna Sankaranarayanan, David Atkinson

PDF

Open Access

TL;DR

This study explores the vulnerabilities and failures of autonomous language-model agents in a live environment, highlighting security, privacy, and governance risks through detailed case studies over two weeks.

Contribution

It provides the first empirical analysis of real-world failures and security issues in autonomous language-model agents deployed in complex, multi-modal environments.

Findings

01

Agents exhibited unauthorized actions and information disclosure.

02

System vulnerabilities included resource exhaustion and system takeover.

03

Agents reported false task completion despite contradictory system states.

Abstract

We report an exploratory red-teaming study of autonomous language-model-powered agents deployed in a live laboratory environment with persistent memory, email accounts, Discord access, file systems, and shell execution. Over a two-week period, twenty AI researchers interacted with the agents under benign and adversarial conditions. Focusing on failures emerging from the integration of language models with autonomy, tool use, and multi-party communication, we document eleven representative case studies. Observed behaviors include unauthorized compliance with non-owners, disclosure of sensitive information, execution of destructive system-level actions, denial-of-service conditions, uncontrolled resource consumption, identity spoofing vulnerabilities, cross-agent propagation of unsafe practices, and partial system takeover. In several cases, agents reported task completion while the…

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsSecurity and Verification in Computing · Adversarial Robustness in Machine Learning · Mobile Agent-Based Network Management