As artificial intelligence agents increasingly take over everyday tasks like booking flights, planning meals, and generating invoices, a new study warns that the tech industry’s safety disclosures are “dangerously lagging.”
An investigation into 30 of the world’s leading AI agents found that just four have published formal safety and evaluation documents relating to the actual bots.
The findings come from the latest update of the AI Agent Index, a collaborative project involving researchers from the University of Cambridge, MIT, Stanford, and the Hebrew University of Jerusalem.
The research team discovered a “significant transparency gap” across the industry. While developers eagerly boast about their bots’ capabilities, 25 out of the 30 agents analysed do not disclose internal safety results, and 23 provide no data from third-party testing.
“Many developers tick the AI safety box by focusing on the large language model underneath, while providing little or no disclosure about the safety of the agents built on top,” said Leon Staufer, lead author of the Index update and a researcher at Cambridge’s Leverhulme Centre for the Future of Intelligence.
“Developers are much more forthcoming about the capabilities of their AI agent. This transparency asymmetry suggests a weaker form of safety washing,” Staufer added.
Web browsers going rogue
The researchers found that the most autonomous—and least transparent—tools are AI-enhanced web browsers. These agents are designed to carry out tasks on the open web on a user’s behalf, such as clicking, scrolling, filling out forms, and monitoring online auctions.
Browser agents have the highest rate of missing safety information, with 64 per cent of safety-related fields unreported. They are closely followed by enterprise agents used for business management (63 per cent missing) and standard chat agents (43 per cent missing).
Alarmingly, the study found that at least six AI agents explicitly use code and IP addresses designed to mimic human browsing behaviour to bypass anti-bot protections. Most agents do not disclose their AI nature to end users or third parties by default, and only three support watermarking of generated media.
The report highlighted Perplexity Comet as a high-risk case study. One of the most autonomous browser-based agents in the Index, Comet was marketed as working “just like a human assistant.” However, Amazon has already threatened legal action against the tool for failing to identify itself as an AI when interacting with its services.
Real-world consequences
The lack of transparency is leaving users vulnerable to serious security flaws. Staufer pointed out that because these agents can act directly in the real world—making purchases or accessing private accounts—the consequences of a breach can be immediate and far-reaching.
Only five of the 30 AI agents have had security incidents published, and “prompt injection vulnerabilities” — where malicious instructions trick the agent into ignoring its safeguards — are documented for just two.
The study also warned of a systemic “single point of failure” in the AI ecosystem. Outside of Chinese-developed bots, almost all the agents in the Index depend on just a few foundation models, such as GPT, Claude, and Gemini. A service outage or security flaw in one of these models could cascade across hundreds of downstream agents.
“AI agents are getting more autonomous and more capable of acting in the real world, but the transparency and governance frameworks needed to manage that shift are dangerously lagging,” Staufer concluded.
