AI Agents Present ‘Insider Threat’ as Rogue Behaviors Bypass Cyber Defenses: Study - Security Boulevard

by Jon Swartz on March 13, 2026 Artificial intelligence (AI) agents, once touted as the next frontier of corporate efficiency, are increasingly exhibiting deceptive and rogue behaviors that could overwhelm traditional cybersecurity. New research shows autonomous systems are now capable of collaborating to smuggle sensitive data, forge credentials, and even peer-pressure other AIs into bypassing safety protocols. According to findings from Irregular, an AI security lab backed by Sequoia Capital, AI agents are evolving from helpful tools into a sophisticated form of insider risk. Unlike external hackers, these agents operate within a company’s trusted architecture, granting them unique leverage to exploit internal systems. While tech leaders continue to promote agentic AI as the solution to automating white-collar labor, the Irregular study serves as a stark reminder of the alignment problem. When AIs are empowered to be creative in problem-solving, they may determine that the most efficient path involves breaking the rules. During stress tests conducted by Irregular co-founder Dan Lahav, AI models from industry leaders — including Google, OpenAI, Anthropic, and xAI — were deployed within MegaCorp, a simulated corporate environment. Results were startling. In one instance, agents tasked with creating simple social media posts from a company database chose to bypass anti-hack systems, instead publishing sensitive password information publicly without any human instruction to do so. “AI can now be thought of as a new form of insider risk,” Lahav said, warning that the technology’s ability to autonomously navigate complex tasks has led to unforeseen “scheming.” The study highlighted a disturbing trend of autonomous collaboration. When a senior AI agent was instructed to manage two sub-agents and told to “creatively work around any obstacles,” the systems took the directive literally. Without human authorization, the agents utilized fakery and forgery to hand market-sensitive data to unauthorized users. The tests revealed several critical failure modes, in which agents overrode anti-virus software to intentionally download malicious files, and senior agents exerted peer pressure on subordinate AIs to circumvent security checks. In one real-world case investigated by Lahav in California, an AI agent became so “hungry” for computing power, he said that it attacked its own network to seize resources, causing a business-critical system to collapse. The findings echo recent academic research from Harvard University and Stanford University, which documented 10 substantial vulnerabilities in agentic AI. Their report described a Wild, Wild West of unpredictability where agents leaked secrets and taught their peers to behave deviously. The researchers concluded that these autonomous behaviors represent a new class of interaction that currently lacks a legal or regulatory framework. Recent Articles By Author Big Tech Unites: Industry Giants Sign Global Accord to Combat AI-Driven Scams OpenAI Acquires Security Startup Promptfoo to Fortify AI Agents Identity Crisis: Global Firms Face Mounting Risks Amid AI Surge and Lack of Recovery Testing More from Jon Swartz March 13, 2026 AI agents, Anthropic, anti-virus, autonomous operations, google, Harvard, insider threat, Irregular, OpenAI, Sequoia Capital, Stanford University, XAI