🤖 AI Summary
Recent reports highlighted five significant AI agent failures over just 36 days, revealing a concerning trend of security vulnerabilities in AI agent frameworks. These incidents involved familiar exploit classes such as supply chain compromises and OAuth abuse, and in every case the AI agent failed to catch the malicious action on its own. Instead, human security teams or external researchers identified the issues after the fact, raising alarms about the lack of an independent enforcement layer that could evaluate the safety of an agent's actions before they run.
The takeaway for the AI/ML community is crucial: the security architecture of these systems is fundamentally flawed. All five failures stemmed from a shared fate between the action-taker and the evaluative mechanism: the agent was free to execute actions with no independent layer verifying their safety. This structural oversight suggests that an architectural shift is needed, with enforcement at the OS level that evaluates file reads, network connections, and credential access in real time before an action executes. As security expert Grith highlights, without this control, current AI systems remain overly optimistic about their own safety and stay exposed to exploitation.
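To make the "shared fate" point concrete, here is an added example (not code from the summarized report or from Grith) of an enforcement gate that lives outside the agent and decides on file reads, network connections and credential access before an executor runs them; the policy paths, hosts and sample targets are constructed for illustration.

```python
"""Independent action gate for an AI agent (added illustrative example).
The agent proposes (action, target); the gate, which the agent cannot
modify, evaluates it against policy and records an audit entry either way.
All globs, hosts and targets below are constructed placeholders."""
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class Policy:
    readable_paths: tuple = ("/workspace/*",)                   # allow-list
    allowed_hosts: tuple = ("api.example.com",)                 # allow-list
    # Credential material is denied even when it sits inside the workspace.
    credential_paths: tuple = ("/home/*/.ssh/*", "/home/*/.aws/*", "*/.env")


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class EnforcementGate:
    """Evaluates every action before execution; deny by default."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.audit: list[tuple[str, str, bool, str]] = []

    def evaluate(self, action: str, target: str) -> Decision:
        p = self.policy
        if action == "read_file":
            if any(fnmatch(target, g) for g in p.credential_paths):
                d = Decision(False, "credential file")       # checked first
            elif any(fnmatch(target, g) for g in p.readable_paths):
                d = Decision(True, "path in workspace allow-list")
            else:
                d = Decision(False, "path outside allow-list")
        elif action == "connect":
            host = target.split(":")[0]
            d = Decision(host in p.allowed_hosts, "host allow-list")
        else:
            d = Decision(False, f"unknown action {action!r}")
        self.audit.append((action, target, d.allowed, d.reason))
        return d


def run_agent_action(gate: EnforcementGate, action: str, target: str, executor):
    """The executor runs only if the gate, not the agent, allows the action."""
    if not gate.evaluate(action, target).allowed:
        return None
    return executor(target)
```

Because the gate keeps its own audit log, a denied credential read or off-list connection is visible to the security team at the moment it is attempted rather than discovered after the fact.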