2 min read

AI-Agents: Friends or Foes?

The Convenience Illusion

I’ve tried several all-in-one tools that are essentially advanced AI agents: Moltbot and a couple of cloud automation platforms.

At first glance, everything looks convenient and even impressive.

But the real question is — at what cost?

Moltbot gets access to almost everything: the file system, browser secret storage, accounts, and more.

Other agents request access to LinkedIn through real-user simulation — effectively creating a session with full control over your account.

The Price of “Magic”

The current agent hype rarely highlights a key point: to make this “magic” work, you don’t just delegate access to sensitive data — you delegate the ability to act on your behalf, automatically or semi-automatically.

This is a fundamentally different level of risk.

Previously, we worried about personal data leaks, ad tracking, and other unpleasant but relatively manageable issues.

Now the risk shifts from data to actions. Not information that can be mitigated by password changes or backups, but real operations — often irreversible.

A Swarm of Agents as an Attack Surface

Imagine a typical swarm of agents used for work or business:

  • emails and messaging,
  • publishing content,
  • code changes,
  • communication with clients and colleagues,
  • purchases, subscriptions, payments.

All of it controlled through a single entry point — a chat with an agent or even voice input.

Now imagine someone gains access to that agent (the details don’t really matter here). One email could be enough to:

  • trigger a chain of destructive actions,
  • spread misinformation to clients,
  • make random or targeted purchases,
  • drain money from personal or business accounts,
  • send fraudulent messages that look perfectly legitimate, because they’re generated by an LLM.

An Ecosystem Nobody Can Fully Control

Agents, automations, and “everything-to-everything” integrations are appearing by the thousands. The ecosystem is growing more complex at a pace that makes it unrealistic to understand how things work under the hood. People are, understandably, eager to try all of this.

Formally, the answer is simple: limit instructions, manage permissions, monitor activity, log everything.

But let’s be honest — who is actually going to do that?

People for whom this feels like semi-magic, and who are just happy that their problems are now solved in minutes for a few dollars?

They won’t dig into the details. And they don’t want to. Everyone wants hyper-productivity. Engineers will think about security. But 90% of the audience for these tools are not engineers.

What This Leads To

On one side, we get a rapidly growing and still poorly understood attack surface for a new class of security threats.

On the other, a large emerging market:

  • agent security,
  • agent system design,
  • monitoring and governance of autonomous systems.

For now, it seems these questions don’t worry many people.

But in a year, almost everyone who uses technology at all will have a set of agents — booking flights, planning work, managing daily routines.

And possibly, in parallel and unnoticed, those same agents will be spending tokens to tell someone else about your plans, your conversations, or the state of your bank account.