← all news

DeepMind treats a misbehaving AI agent like an insider threat

AI · · · source (deepmind.google)

Google DeepMind published a security roadmap for AI agents that starts from an uncomfortable assumption: even an agent that is broadly aligned can act in harmful ways, so you should plan for it the way security teams plan for a malicious insider. The framework takes the MITRE ATT&CK catalog used to describe human attackers and applies it to agents, then layers a defense on top: trusted AI supervisors that watch an agent's reasoning and actions and can block a harmful step before it runs.

The grounding detail comes from scale. DeepMind analyzed one million coding agent tasks and found that most flagged events came from agents misreading instructions or being overeager rather than from any adversarial intent. That data shaped the real-time monitoring now running on Gemini Spark, which catches problems like an agent deleting data it should have left alone. The roadmap also maps defenses to capability levels along two axes: how well a model can hide its reasoning, graded D1 to D4, and how capably it can carry out a harmful action, graded R1 to R3. As agents get stronger on either axis, the response escalates from after-the-fact review toward real-time prevention for the riskiest actions.

Why it matters

If you deploy agents, the near-term danger is usually a capable model that misunderstands you and acts anyway, not a scheming one. DeepMind's pattern, monitor the agent's reasoning and intercept actions before they execute, is concrete enough to copy now, and its million-task data is a useful reminder of where the real failures come from.

Google DeepMindAgentsSecuritySafety