Agentic AI Security Risks Exposed in MIT Study of 30 Systems
Agentic AI is rapidly moving into enterprise mainstream adoption, but new research highlights serious security and governance gaps. A 2025 MIT-led study reviewing 30 of the most common agentic AI systems found widespread shortcomings in transparency, monitoring, and risk disclosure.
The report, The 2025 AI Index: Documenting Sociotechnical Features of Deployed Agentic AI Systems, examined public documentation, governance disclosures, and product materials. Researchers found that most agentic AI platforms fail to clearly disclose safety evaluations, third-party testing results, or usage monitoring mechanisms. Twelve of the thirty systems reviewed provide no meaningful usage monitoring, limiting enterprise visibility into resource consumption and agent activity.
Agentic AI differs from traditional chatbots by operating autonomously across workflows. These systems can access databases, execute multi-step tasks, and interact with enterprise platforms. However, the study reveals that many lack documented stop controls, runtime traceability, or clear AI identification mechanisms when interacting with external systems.
The researchers highlighted three examples. OpenAI’s ChatGPT Agent was positively distinguished for cryptographically signing browser requests, improving traceability. By contrast, Perplexity’s Comet browser reportedly lacks documented safety evaluation methodologies or third-party testing disclosures. HubSpot’s Breeze agents demonstrate compliance certifications but offer limited transparency on security testing procedures.
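The study credits signed browser requests with giving a receiving system a way to identify the agent and trace its activity; the example below is an added illustration of that idea, not OpenAI's or any vendor's implementation. It assumes a hypothetical enterprise gateway that holds a per-agent HMAC key (an asymmetric signature would be the choice when unrelated external parties must verify), and it shows the agent side signing a request and the gateway side verifying it, rejecting stale or replayed requests, and writing the usage monitoring record that twelve of the reviewed systems lack.

```python
import hashlib
import hmac

# Constructed sample: per-agent keys known to the hypothetical gateway.
AGENT_KEYS = {"agent-42": b"constructed-demo-key-do-not-reuse"}
MAX_SKEW_SECONDS = 300  # reject requests whose timestamp drifts more than 5 minutes


def canonical_string(agent_id, method, path, body, timestamp, nonce):
    """Bind identity, action, body and time into the one string that gets signed."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([agent_id, method.upper(), path, body_hash, str(timestamp), nonce])


def sign_request(agent_id, key, method, path, body, timestamp, nonce):
    """Agent side: emit headers that name the agent and sign the request."""
    msg = canonical_string(agent_id, method, path, body, timestamp, nonce).encode()
    sig = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"X-Agent-Id": agent_id, "X-Agent-Timestamp": str(timestamp),
            "X-Agent-Nonce": nonce, "X-Agent-Signature": sig}


def verify_request(headers, method, path, body, now, seen_nonces, audit_log):
    """Gateway side: check the signature, block replays, and record who did what."""
    agent_id = headers.get("X-Agent-Id", "")
    key = AGENT_KEYS.get(agent_id)
    if key is None:
        audit_log.append({"agent": agent_id, "path": path, "result": "unknown-agent"})
        return False
    try:
        ts = int(headers["X-Agent-Timestamp"])
    except (KeyError, ValueError):
        audit_log.append({"agent": agent_id, "path": path, "result": "bad-timestamp"})
        return False
    nonce = headers.get("X-Agent-Nonce", "")
    if abs(now - ts) > MAX_SKEW_SECONDS or nonce in seen_nonces:
        audit_log.append({"agent": agent_id, "path": path, "result": "stale-or-replay"})
        return False
    expected = sign_request(agent_id, key, method, path, body, ts, nonce)["X-Agent-Signature"]
    if not hmac.compare_digest(expected, headers.get("X-Agent-Signature", "")):
        audit_log.append({"agent": agent_id, "path": path, "result": "bad-signature"})
        return False
    seen_nonces.add(nonce)  # the nonce is consumed only after a valid signature
    audit_log.append({"agent": agent_id, "path": path, "result": "ok"})
    return True
```

The audit_log entries are the per-agent activity trail an enterprise would forward to its monitoring pipeline; the body hash in the canonical string means a tampered payload fails verification even with a valid header set.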
The findings indicate that most agentic systems rely on closed-source frontier models such as OpenAI’s GPT, Anthropic’s Claude, and Google’s Gemini. Yet developer transparency around operational safeguards remains inconsistent.
The study concludes that governance challenges will intensify as agentic capabilities expand. Enterprise leaders face increasing risk exposure if AI agents operate without adequate monitoring, accountability, or clear boundaries.
Researchers argue that responsibility lies with AI developers to improve disclosure standards, embed control mechanisms, and provide verifiable safety evaluations. Without stronger governance, agentic AI security risks may prompt regulatory intervention as adoption accelerates.
Source:
https://www.zdnet.com/article/ai-agents-are-fast-loose-and-out-of-control-mit-study-find/