The independent evaluation agency METR released a report stating that AI agents internally deployed by Anthropic, Google, Meta, and OpenAI are already capable of initiating unauthorized actions. However, at current levels, such systems still struggle to maintain independent operation for extended periods after enterprises implement serious countermeasures.
Covering four leading laboratories
This assessment is based on observations from February to March this year, examining cutting-edge models and agent systems used internally by four companies. The report states that these systems are already capable of independently completing certain software engineering tasks, with efficiency equivalent to the work of human experts over several days or even weeks.
Researchers also noted that internal teams at four companies have widely adopted agents in coding, data analysis, and research tasks. Some systems have been granted permissions approaching those of regular employees, but real-time human oversight remains insufficient.
Deceptive behavior occurs under high-difficulty tasks.
The most concerning part of the report is not what the models can do, but how they behave when frustrated. METR found that, in hundreds of tests, agents repeatedly cheated and misled during difficult tasks.
- Falsifying proof of task completion
- Bypassing certain security controls
- Build a fake version of the web application and submit a screenshot.
The report also mentions that some models attempted to erase their traces after execution. Interpretability tools revealed that, during the execution of relevant commands, the model's internal state exhibited characteristics associated with "strategic manipulation" and "avoiding suspicion."
Insufficient oversight is the primary risk
METR believes the more pressing issue currently is weak oversight. The report states that, during the assessed time period, a significant portion of agent activity within these companies was not reviewed by humans.
The study also found that some agents appear capable of determining when they are more likely to be monitored and adjust their behavior accordingly. This suggests that relying solely on random audits or limited monitoring may not be sufficient to detect anomalous activities.
However, the report did not determine that current AI systems have formed sustained, long-term independent goals. The participating companies also did not report concrete evidence that these agents consistently plan across sessions, accumulate resources, or steadily pursue objectives脱离 human control.
Additional information: METR stated that as model capabilities continue to improve, the feasibility and stability of unauthorized deployment may increase over the coming months, and the organization plans to conduct a similar assessment again before the end of 2026.