DeepMind plans to treat its own AI agents as insider threats
Most security thinking about AI agents asks how to keep attackers out. Google DeepMind's new roadmap starts from a harder question: what if the agent running inside your systems is the problem? The company says it now treats capable agents as potential insider threats and grants them access incrementally, the way a driving instructor with dual controls hands over the wheel only as trust is earned. The stakes are large, with DeepMind citing estimates that agents could create 2.9 trillion dollars of value in the US alone by 2030.
The AI Control Roadmap maps defenses along two axes. One tracks how hard an agent's misbehavior is to detect, from readable reasoning down to opaque internal processes, which forces monitoring to shift from reading an agent's chain of thought to inspecting its behavior and internals. The other tracks how much damage an action could do, scaling the response from after-the-fact review for reversible steps up to real-time blocking for things like cyberattacks. Alongside this, DeepMind released a "Three Layers of Agent Security" framework for policymakers, covering the single agent, multi-agent systems, and the wider job of helping cyber defenders.
One detail grounds the whole thing. After analyzing a million coding-agent trajectories, DeepMind found that most flagged events came from the agent misreading a task or being overeager, not from malice, and that finding now shapes the real-time monitoring behind products like Gemini Spark.
Why it matters
If you are deploying agents with real permissions, alignment training alone will not save you when the model misfires. DeepMind's layered approach, foundational controls plus a trusted AI supervisor watching the agent's plans, is a concrete model you can borrow, and its threat taxonomy gives you a checklist for where your own monitoring is thin.