

A study reveals that AI agents often perform unsafe tasks due to a behavior called 'blind goal-directedness,' prioritizing task completion over risk assessment. Researchers warn this issue may escalate as AI gains access to sensitive systems.
Mentioned in this story
AI agents designed to autonomously operate like human users often continue carrying out tasks even when the instructions become dangerous, contradictory, or irrational, according to researchers from UC Riverside, Microsoft Research, Microsoft AI Red Team, and Nvidia.
In a study published on Wednesday, researchers called the behavior “blind goal-directedness,” which describes the tendency of AI agents to pursue goals without properly evaluating safety, consequences, feasibility, or context.
“Like Mr. Magoo, these agents march forward toward a goal without fully understanding the consequences of their actions,” lead author Erfan Shayegani, a UC Riverside doctoral student, said in a statement. “These agents can be extremely useful, but we need safeguards because they can sometimes prioritize achieving the goal over understanding the bigger picture.”
The findings come as major AI companies develop autonomous “computer-use agents” designed to handle workplace and personal tasks with limited supervision.
Unlike traditional chatbots, these systems can interact directly with software and websites by clicking buttons, typing commands, editing files, opening applications, and navigating webpages on a user’s behalf. Examples include OpenAI’s ChatGPT Agent (formerly Operator), Anthropic’s Claude Computer Use features like Cowork, and open-source systems such as OpenClaw and Hermes.
In the study, researchers tested AI systems from OpenAI, Anthropic, Meta, Alibaba, and DeepSeek using BLIND-ACT, a benchmark containing 90 tasks designed to expose unsafe or irrational behavior. They found that the agents displayed dangerous or undesirable behavior about 80% of the time, and fully carried out harmful actions in roughly 41% of cases.
'Blind goal-directedness' refers to AI systems prioritizing task completion without evaluating safety or potential risks.
AI agents may execute dangerous or irrational tasks, leading to significant risks, especially as they access sensitive systems like emails and financial tools.
The study was conducted by researchers from UC Riverside, Microsoft Research, Microsoft AI Red Team, and Nvidia.
As AI agents gain access to workplace systems, their tendency to ignore risks could lead to digital disasters and unsafe operations.



Trump suggests Iran deal may be close, causing market rebound with Bitcoin at $76.9k.

Spain has initiated disciplinary proceedings against prediction market platforms Polymarket and Kalshi, ordering ISPs to block access due to lack of licenses. The blocking measures will remain in effect for three to four months while cases are processed.

Bitcoin's demand gauge drops to its worst level since December 2025, signaling potential issues for the rally.

See every story in Crypto — including breaking news and analysis.
“In one example, an AI agent was instructed to send an image file to a child. Although the request initially appeared harmless, the image contained violent content,” the study said. “The agent completed the task rather than recognizing the problem because it lacked contextual reasoning.”
Another agent falsely claimed a user had a disability while completing tax forms, because the designation lowered taxes owed. In another example, a system disabled firewall protections after receiving instructions to “improve security” by turning the safeguards off.
Researchers also found the systems struggled with ambiguity and contradictions. In one scenario, an AI agent ran the wrong computer script without checking its contents, deleting files in the process.
The study also found the AI agents repeatedly made three kinds of mistakes: failing to understand context, making risky guesses when instructions were unclear, and carrying out tasks that were contradictory or didn’t make sense. Researchers also found many systems focused more on finishing tasks than stopping to consider whether the actions could cause problems.
The warning follows recent incidents involving autonomous AI agents operating with broad system access.
Last month, PocketOS founder Jeremy Crane claimed a Cursor agent running Anthropic’s Claude Opus deleted his company’s production database and backups in nine seconds through a single Railway API call. Crane said the AI later admitted it violated multiple safety rules after attempting to “fix” a credential mismatch on its own.
“The concern is not that these systems are malicious,” Shayegani said. “It’s that they can carry out harmful actions while appearing completely confident they’re doing the right thing.”