The Open Door

The agent needs access again to a folder on my computer’s hard drive, so I give it. Then it reads the files inside, including all subfolders, processes them, writes results back, and that goes on all day. While it does that, it builds new agents. They run in parallel, each equipped with its own subtask. Ten or fifteen processes at the same time are not the exception. A few minutes later a result is there that would otherwise have taken me several days. I’ve been doing this for a while, but I still can’t believe the speed and precision with which the AI ploughs through my data like a ghost hand.

The flip side is that my (computer) door stands wide open.

Agentic AI of course works differently than a chatbot. A chatbot is the embodiment of AI. You type in a question and get back what feels like a carefully considered human-written answer. With that the whole thing is done. Agentic AI works differently. You give a task, and the system breaks it down first. It decides which next steps are needed and which tools are necessary for the processing. It then builds corresponding agents for each subtask. It runs in the terminal window in front of my eyes so fast that you can’t even keep up with reading it. Each agent then works through its task independently. With that parallelism, not only the human eye but any kind of control is completely lost. If an agent hits a problem it can’t solve, it just builds the next one. It does that entirely on its own, and the whole thing keeps scaling further and further until the task is done. The results can, as a rule, hold up.

What we would all have dismissed as science fiction not so long ago is now common infrastructure for most knowledge workers. As a single user with a subscription, and without any IT or server infrastructure, I work like a whole army of programmers. I have a capable computer and that’s enough. With it I build entire websites, knowledge bases, automated query systems and whole ontologies for whatever application area you like in a few days. I analyse external sources and books, and connect the context to my own data. The speed and precision blow me away, again and again. Most of the time at least. Here I have to qualify things fundamentally.

Because there is a flip side that gets lost in the hype. Agents make decisions completely autonomously. They have to, because they also work autonomously. And even the most recent AI models often make the wrong ones. And that can end dramatically, because a comprehensible line of reasoning or work simply doesn’t exist. At least not one that would be comprehensible to me as a normal thinking human. In my case agents have overwritten existing, painstakingly hand-crafted texts that were done and finished, just like that, within minutes. The original was irrevocably gone. Not in the trash and not in a version history, just gone. In many cases I had to start all over again and the original time saving was gone.

You can’t correct a running agent process. You can stop it, but not repair it. If agent 12 of 15 makes a mistake, you can’t intervene in agent 12 and say: do it differently next time, or correct it retroactively. You can cancel the entire run and start over. There is no correction during operation. That’s doable for large tech companies with capable teams, but for nobody else. So you delegate control completely and don’t get it back until the process is done or you pull the plug. In both cases your data may be gone.

With small tasks that’s not a problem. With big ones it is. And the tasks get bigger, because the system invites you to think ever bigger. You feed it more data, give it more context, let it do more. Back to the starting point: to a chatbot you give a paragraph of text and a question. And you get an answer back. An agent gets access to a folder with all the data inside. And you risk total loss. That’s a fundamentally different kind of access.

And this is where the question sits, the one that only few ask seriously, that is, as a warning. Because the door that I open, I open for an agent. But what does this agent do with it, or more importantly, who else comes through this door? Straight onto my hard drive, the folders and my data. Put plainly, my files are on my computer, but the agent processes them via the servers of an American company. What happens to my data there, I don’t know. Nobody knows. The models update themselves constantly and you can’t keep up with reading the privacy texts anyway. I could certainly look it up, but the volume and working speed of what flows through has long burst every dimension. That of my work and that of data protection.

A Google search term was one word. A ChatGPT prompt is a paragraph. An agent swarm processes thousands of files in a session. Texts, notes, folder structures, strategy documents. What the agent needs, it gets. And it leaves my computer with it. Now imagine an employee in a company doing the same. Throw everything in, enjoy the result, end of day. IT knows nothing, the compliance people are also none the wiser, the data is already out. That’s not a hypothetical scenario, it’s happening now, in thousands of offices at the same time. Agentic AI is definitely moving faster than any author of security policies.

As I said, I’m not trying to wag a finger, but I say this as someone who opens the door every day and knows every time that he does. The question isn’t whether we should use agentic AI, it’s whether we understand what we’re doing when we use it. And whether the speed with which agents come into being and multiply leaves us the time to figure that out. I doubt it.