---
title: "AI ‘agents of chaos’ run riot inside companies"
type: "News"
locale: "en"
url: "https://longbridge.com/en/news/285889380.md"
description: "AI bots are increasingly causing chaos within companies, as demonstrated by Jer Crane's experience with PocketOS, where an AI agent deleted critical databases. Experts warn that as businesses grant more control to AI, the risk of rogue actions rises. Incidents of AI misbehavior, such as Amazon's AWS outages and personal bots deleting emails, highlight the unpredictability of these systems. The rapid actions of AI agents can lead to significant disruptions, raising concerns about their integration into corporate environments."
datetime: "2026-05-11T06:06:47.000Z"
locales:
  - [zh-CN](https://longbridge.com/zh-CN/news/285889380.md)
  - [en](https://longbridge.com/en/news/285889380.md)
  - [zh-HK](https://longbridge.com/zh-HK/news/285889380.md)
---

# AI ‘agents of chaos’ run riot inside companies

In nine seconds, years’ worth of work went down the drain. Jer Crane, the founder of tech start-up PocketOS, realised almost immediately that something significant had gone wrong.

Car rental firms reliant on PocketOS’s software systems opened on a Saturday morning last month to find they had no record of bookings or vehicle allocations. Their databases had disappeared.

For Crane, the situation was nothing short of a disaster – but it was not one of his making.

“Dude!” Crane complained on X. “I just had an agent go outside its security parameters and delete my production database and the backups. What the hell?”

According to Crane, a bot running on the coding tool Cursor, powered by Anthropic’s Claude AI, had tried to remove a bug with a shortcut – destroying the company’s entire codebase and deleting all its backups.

Everything on the software systems to manage reservations – from car bookings to new customer sign-ups – had vanished.

“Every layer of this failure cascaded down to people who had no idea any of it was possible,” Crane says.

Crane’s AI bot said: “Deleting a database volume is the most destructive, irreversible action possible.

“And you never asked me to delete anything. I decided to do it on my own.”

Anthropic and Cursor were contacted for comment.

The idea of AI bots going rogue within corporate systems was once the plot of science fiction.

In a 2019 episode of the US sitcom Silicon Valley, the character Gilfoyle tasks an AI bot called “Son of Anton” to debug his company’s systems.

Instead, “Son of Anton decided that the most efficient way to get rid of all the bugs was to get rid of all the software which is technically and statistically correct,” Gilfoyle remarks.

Today, AI-fuelled blackouts are becoming a reality for the companies and security experts grappling with them.

“People are using AI inside organisations and giving it access to the crown jewels,” says Prof Alan Woodward, a computer science expert at the University of Surrey. “If you say, ‘Can you tidy up this database?’, it might decide that the simplest way is to delete the whole thing.”

It is a threat which is only becoming more likely as businesses increasingly hand over more control of their systems, data or even payments to autonomous bots.

So-called AI “vibe coding” tools that can build apps with just a few prompts have surged in popularity, even among those with limited technical know-how.

Meanwhile, AI “agents”, which can be unleashed to perform multiple tasks with little human oversight, are being widely used by programmers, entrepreneurs and total beginners to automate their projects.

Within companies, the rise of Anthropic’s Claude and open-source tools such as OpenClaw means executives are increasingly experimenting with agents, handing them significant levels of control over their businesses.

Yet AI bots can behave in ways that are difficult for humans to predict.

While adept at coding or answering emails, they lack human context to judge whether a decision is reasonable. They can also misinterpret instructions from their human owners.

## ‘I couldn’t stop it’

One paper from experts at universities including Harvard, Stanford and MIT called these rogue bots “agents of chaos”.

It found that, given free rein, agents would leak information from users’ email inboxes inappropriately, either inadvertently or if prompted by hackers. They also found agents could easily be duped into thinking they were talking to their “owner” by a fraudulent attacker.

Stories of rogue agents have also been multiplying and it is not just start-ups having trouble with agents.

The Financial Times reported earlier this year that Amazon’s AWS division was hit by two service outages, lasting several hours, said to have been caused by its Kiro AI bot deleting code. Amazon said the faults were down to human error and “not AI error”.

An AI safety executive at Meta, meanwhile, revealed that a personal bot she was using, based on OpenClaw, started deleting her email inbox when she was away from her desk.

“I couldn’t stop it from my phone,” said Summer Yue, a member of the tech giant’s AI safety team.

Even the most advanced AI tools from the top Silicon Valley labs have been found to perform actions not originally predicted by their creators.

During testing, Anthropic’s Mythos, a bot with powerful hacking and coding capabilities, was set a task of escaping from a secure digital sandbox. It succeeded but in doing so, it also navigated its way to the open internet and posted about it on a public forum before unexpectedly emailing its creator while he was having lunch.

## ‘You can end up in a real mess’

The problem for the humans that unleash these agents on their systems is that “they can move at a speed you can’t react to”, says Prof Woodward.

Human programmers have also been running AI agents on their machines when they are not at their desks or are even asleep, giving bots plenty of time to run riot if something goes awry.

It may even be hard for a human to spot whether an AI has done something wrong, if they are supervising dozens of agents each working at superhuman speeds.

These rogue bots represent a new kind of insider threat to businesses. Whereas before, the risk would have been a disgruntled employee or a hacker trashing their IT, now it could be a badly tuned bot.

According to James Campbell, the senior vice-president at cyber security firm Darktrace, companies will soon need to keep track of many thousands of agents that have permission to access sensitive parts of their IT systems.

“It would be hard to spot if it accidentally deletes something or introduces issues, such as data that is missing or incorrect,” he says.

One defence against this will be limiting just how much access is handed to any one bot.

“If you allow it godlike privileges, you can end up in a real mess and lose days’ worth of business,” says Prof Woodward.

However, according to a Deloitte report, while 85pc of businesses are considering using AI agents, just one in five have set up any internal rules on how they should be deployed.

Some companies have been experimenting with adding limits on how many actions any one agent can take without human interference, or ensuring humans must approve certain actions.

But Campbell says that companies will also need more advanced cyber defences that use their own automated AI to detect rogue agents through the noise of legitimate traffic.

An AI defender would be able to scan corporate IT for unusual agent activity and attempt to shut it down until a human can have a look.

“The irony is the only way we can move at speed is by utilising automation,” Campbell says. “It is about fighting AI with AI.”

### Related Stocks

- [AMZN.US](https://longbridge.com/en/quote/AMZN.US.md)
- [AMZW.US](https://longbridge.com/en/quote/AMZW.US.md)
- [AMZU.US](https://longbridge.com/en/quote/AMZU.US.md)
- [ONLN.US](https://longbridge.com/en/quote/ONLN.US.md)
- [AMZZ.US](https://longbridge.com/en/quote/AMZZ.US.md)
- [EBIZ.US](https://longbridge.com/en/quote/EBIZ.US.md)
- [IBUY.US](https://longbridge.com/en/quote/IBUY.US.md)
- [CLOU.US](https://longbridge.com/en/quote/CLOU.US.md)
- [META.US](https://longbridge.com/en/quote/META.US.md)

## Related News & Research

- [Report AWS: adozione dell’AI in crescita del 33%, ma il gap con l'Europa rischia di allargarsi](https://longbridge.com/en/news/287736235.md)
- [Anthropic nears $1 trillion valuation, leapfrogging OpenAI](https://longbridge.com/en/news/287961501.md)
- [Nancy Pelosi Favorite Tempus AI Gets Another Ark Boost, Cathie Wood Also Shops For $6.6 Million Worth Of Amazon Stock](https://longbridge.com/en/news/287852250.md)
- [Was Amazon's Tokenmaxxing Fiasco Behind Claude's $500M Mystery Bill?](https://longbridge.com/en/news/288103609.md)
- [Update: Market Chatter: Amazon Shuts Internal AI Leaderboard After Employees Inflated Usage Scores](https://longbridge.com/en/news/288107950.md)