What are AI agents and can they be trusted?

Sam Hawley: They used to be known as personal assistants or PAs. Now you can just get an AI agent to plan your day, answer your emails and, well, organise your life. And the agents can even talk to each other. But is the latest wave of artificial intelligence really safe to use yet? Today, computer security expert at Melbourne Uni, Shaanan Cohney, on how it works and whether we’re a step closer to AI taking our jobs. I’m Sam Hawley on Gadigal land in Sydney. This is ABC News Daily.

Sam Hawley: Shaanan, the so-called AI agents are here. Now, just tell me, first of all, have you got an AI bot handling your life?

Shaanan Cohney: If I look at the computer screen in front of me right now, I can see four different agents already working on things that I’ve sent them to do over the last 30 minutes. They don’t have access to my emails, but they’ve got access to a lot of other things.

Sam Hawley: Okay, so just give me an example of what they’re doing for you right now.

Shaanan Cohney: So one of them, I’ve actually asked it to help me set up other AI agents. There’s one that is looking at the website for my class and making sure that all the tutors are on there with all their personal details to send to the rest of the class. And then I have one that is checking through some of the prerequisites in our classes to make sure that it all makes sense. And that’s just a small snippet of the things going on behind the scenes while I’m talking to you.

Sam Hawley: Well, let’s step through this because I know nothing about these AI agents, and I don’t have them working for me yet. That might change, of course, if you’re convincing enough. But just tell me what is different between these AI agents and just the general chatbot, like chatGPT or Gemini, the things we’ve been using up until now?

Shaanan Cohney: What’s different is the way it’s hooked up to your computer. What’s different about the agents is you’re giving it much more access to the actual computer on which you have your stuff. And then what happens is when you ask it to do something, it doesn’t just have access to the information that you have directly given it. It can run commands on that computer. And one command might be look for any Word document, read all the Word documents, and then report back. And the way it works is the agent kind of talks to itself. But the amazing thing is that this can happen in a loop very, very quickly. So rather than you tweaking, seeing the output from chatGPT and saying, oh, I kind of sort of like that, but I need to feed it in a second time, and then it sends something back to you, that takes an awfully long time. So much better if it can go in these loops by itself and work for a little while before coming back to you. And that’s essentially the idea of an agent.

Sam Hawley: And one of these agents is called OpenClaw. Now, apparently all the tech-savvy people are already using this. So what can it do?

Shaanan Cohney: So OpenClaw is really a way to connect agents together and a way to give your agents memory. So right now, the way that I’m personally running my agents is every time I want a particular task done, I have to type something into the box. So it might be write me a program, and then it goes away for an hour and comes back. But after that, I have to instruct it again. The idea behind OpenClaw is it saves on your computer some files that mean that it doesn’t always have to come back to you. So you might leave it with an initial instruction that says, check my email every few hours and write me draft responses to everyone there. When you finish with a draft response, text me, and then I will tell you whether to go ahead sending it. And what it has is a way for the computer to send a message to chatGPT every 30 minutes or so to say, please run the tools again and check if there are any new emails. And so it does this persistently in the background without you having to re-instruct it every time.

Sam Hawley: Basically, it’s like having your own PA that you don’t have to pay a fortune for by the sound of it.

Shaanan Cohney: That’s the dream version, when it works.

Sam Hawley: When it works, yeah. All right, well, a few weeks back, people got really excited, didn’t they? When these bots were unleashed on their very own social media platform. Now that’s called Moltbook.

Shaanan Cohney: So Moltbookis like Reddit for your agents. So your agents are off doing things on their own time. And you might imagine that once in a while, they check in and there are no new emails. So what’s it going to do? Well, you could leave it with an instruction that if it’s not doing anything else, it can go download the latest posts from Moltbook, which is just like Reddit, read through it, find one that it thinks is interesting, and leave a comment. And part of the comedy here is the website is styled to kind of mock the notion that normally humans are trying to keep the bots out. But in this case, the bots are trying to keep the humans out. So it says humans are welcome to read, but they’re not welcome to post. At least that’s what’s meant to happen.

Sam Hawley: These Moltys, as they’re apparently called, they even at one point created their own religion. It’s called the Church of Molt. Now you’ve got to be kidding me at this point.

Shaanan Cohney: Or crustafarianism is the other term that they’ve given it. I think at this point, one has to raise the question of how many of the funny and interesting things on Moltbook, the ones that go the most viral, are actually the result of the AIs really being let loose. And how many are someone really pulling the strings behind the scenes? And I suspect that the reason the whole Church of Molt thing happened on Moltbook is because some user thought it would be funny to instruct their agent to do that. And it’s still of like some entertainment value and potentially can teach us some things about the way that virality works. But I wouldn’t yet be worried about the Molty Inquisition.

Sam Hawley: Well, Shanaan, let’s look more at the promise and of course, the perils of these AI agents. So firstly, just tell me what are the risks when we hand over all this information to a agent, a robot. You know, what if we want to book our holidays and use our credit cards and all that sort of thing?

Shaanan Cohney: The risks are myriad. So the first is that the agent might just not do what you tell it to. And you’ve just given it very significant power over things that you care about. If it does the wrong thing, sometimes it might not be reversible. It might accidentally delete all the files on your computer because it thinks that was what was necessary to achieve your goal. And that’s even before we consider what could happen when other individuals try and trick your agent, which is when malicious individuals come into play. And so this is an example of something that researchers call prompt injection, because just like you put a prompt into chat GPT, someone can maliciously inject something into the prompt to trick your agent into doing something that it really shouldn’t have done. And these two things are my big worries with agents at the moment.

Sam Hawley: Also, they do make mistakes, right? I’ve seen this video of a YouTuber named Father Phi, and he asks whether he should walk or drive his car to the car wash. And it says, you should just walk to the car wash, you know, which defeats the purpose of getting the car washed.

YouTube: ‘Father Phi’: There’s a car wash 100 meters away, and I need to wash my car. Should I walk or drive there?

Chatbot: 100 meters is pretty close, less than a block. It might actually be easier and faster to just walk.

Shaanan Cohney: Even though it might be super, super good at high-end physics, it might struggle to understand certain elements of context that might be present in a nuanced conversation. This changes all the time as the agents get better. So a year or two ago, I remember the joke was that AIs couldn’t count the number of R’s in the word strawberry. But now they really can. Let’s turn to the particular example of the car wash. If you ask different models, they’ll respond differently to that question. But let’s think about if you ask the same question to a human. You might think it’s a trick question and answer, you should walk. Now, that requires a level of perception as to how humans communicate. And given that we don’t exactly know at which level of reverse psychology the AIs are taking in our context, it’s kind of hard to say that they actually got this answer wrong.

Sam Hawley: And some of these problems, they can be fixed, can they, in the future?

Shaanan Cohney: For the moment, there seems to be nothing fundamental stopping us from solving those sorts of problems. There are other things like how do we get AIs to interact with the real world effectively such that I could get it to make me a cup of coffee. That sort of thing is a little harder at the moment and there are more fundamental barriers. But for things like understanding language, we’re fairly confident that we still have plenty of room to grow.

Sam Hawley: Well, Shaanan, there are the agents that we’ve just discussed, of course. But, you know, AI imagery and video and sound generation, that’s getting so sophisticated too. I saw that video last week of Brad Pitt and Tom Cruise, they’re fighting each other. It’s almost like you don’t need the actors anymore because AI can just create a little video on its own and it’s very, very convincing at this point.

Shaanan Cohney: Behind the scenes, the AI labs are pushing the frontiers and it’s only when they actually release the product that we suddenly see how fast things have advanced. This happened in the last couple of weeks with ByteDance’s release of Seedance 2, which is their latest video generation model, and also with a few competitors that were all released around the same time. So you can use it to generate scenes from TV or movies with your favourite characters or even to generate videos of people that you know or famous individuals. And these are the things that I think has really made a lot of the content go viral in the last week.

Sam Hawley: Yeah, it’s pretty incredible. And of course, Brad Pitt and Tom Cruise, they’ll probably keep their jobs. But I guess with all of this happening at this point, we’re all wondering, will we keep ours?

Shaanan Cohney: There is a lot of diversity in the types of jobs that people do. And the way that AI is going to impact our jobs is going to vary pretty significantly by the nature of what we do. Right now, it’s hard to say who will be most affected. It seems that lawyers are likely going to have quite a challenge retaining some parts of their work. Things like reviewing lengthy documents that AI is now very, very good at. I think there are still things for lawyers to do, but bits of their work are going to go away. Programmers, that’s another area where a lot of jobs are at risk because the AI agents are really good at coding. Now, for visual artists, the story is a little more complicated. For people who do live theatre, well, the AIs can’t do live theatre yet, and I think we’re a long way away from that. But for visual effects artists who can make cool lightsaber battles in movies, that seems to be a place where AI is going to reduce the number of available opportunities. And maybe one day we’ll even see more AI actors. Now, there’s a lot going on here, so it’s hard to really tell what the future will look like for all our careers, but there’s certainly enough to start getting a bit concerned.

Sam Hawley: And these AI agents, do you think they will be, you know, really reliable at doing all these tasks for us, and more quickly, and maybe better than we do them ourselves any time soon?

Shaanan Cohney: There are already a large number of tasks for which AI agents are more competent than most workers. So that leaves us with a bit of a question. In which tasks do we have a comparative advantage? Where are we better when paired with an AI, and where are we better turning the AIs off entirely? And there are lots of those places still, but it’s hard to know exactly where things will be in another three years as the technology advances further.

Sam Hawley: Dr. Shaanan Cohnney is the Deputy Head of School in Computing and Information Systems at the University of Melbourne. This episode was produced by Sydney Pead and Sam Dunn. Audio production by Cinnamon Nippard. Our supervising producer is David Coady. I’m Sam Hawley. Thanks for listening.