The “Agents of Chaos” study turns theoretical AI agent governance gaps into empirical evidence. Every enterprise deploying agentic AI should pay attention.
I think you're right to highlight the debate around the AI Act's applicability to agents. It could be argued that the definition of an 'AI system' under the Act assumes a human-in-the-loop at all points of the system’s operation. This means that simple, single-turn input-and-output prompting of AI systems are certainly in scope. However, are AI agents still in scope if they are capable of executing tasks with multiple steps in which there is no human verification yet those steps may involve uses of tools and resources that impact the agent’s wider environment?
And the European Commission's initial answer to this is...intriguing: they say that the AI Act's risk-based framework applies “to the extent that AI agents are AI systems,” a phrasing that some could interpret as suggesting the Commission is open to the possibility that some agents might fall outside the scope of the Act’s primary risk-based framework.
Regardless of whether the Act applies to an organisation's deployment of agents, the governance implications you set out here still exist. And if organisations do not get a handle on them, there are some serious headaches awaiting.
This is such a sharp summary of where the debate really sits.
The Commission’s “to the extent that AI agents are AI systems” language is doing a lot of quiet work here: it keeps the door open for some agentic configurations to sit partially or even fully outside the core risk‑based regime, even though they clearly shape the environment and can trigger downstream harm.
From a governance perspective, I tend to treat that as a floor, not a ceiling: if an architecture can act across tools and domains without fresh human verification, I want the same level of discipline around risk mapping, logging, and oversight, whether or not the AI Act currently bites in a clean way.
Otherwise, as you say, the legal debate will arrive late to a set of operational headaches that were entirely foreseeable from the design of the agent itself.
I think you're right to highlight the debate around the AI Act's applicability to agents. It could be argued that the definition of an 'AI system' under the Act assumes a human-in-the-loop at all points of the system’s operation. This means that simple, single-turn input-and-output prompting of AI systems are certainly in scope. However, are AI agents still in scope if they are capable of executing tasks with multiple steps in which there is no human verification yet those steps may involve uses of tools and resources that impact the agent’s wider environment?
And the European Commission's initial answer to this is...intriguing: they say that the AI Act's risk-based framework applies “to the extent that AI agents are AI systems,” a phrasing that some could interpret as suggesting the Commission is open to the possibility that some agents might fall outside the scope of the Act’s primary risk-based framework.
Regardless of whether the Act applies to an organisation's deployment of agents, the governance implications you set out here still exist. And if organisations do not get a handle on them, there are some serious headaches awaiting.
This is such a sharp summary of where the debate really sits.
The Commission’s “to the extent that AI agents are AI systems” language is doing a lot of quiet work here: it keeps the door open for some agentic configurations to sit partially or even fully outside the core risk‑based regime, even though they clearly shape the environment and can trigger downstream harm.
From a governance perspective, I tend to treat that as a floor, not a ceiling: if an architecture can act across tools and domains without fresh human verification, I want the same level of discipline around risk mapping, logging, and oversight, whether or not the AI Act currently bites in a clean way.
Otherwise, as you say, the legal debate will arrive late to a set of operational headaches that were entirely foreseeable from the design of the agent itself.