The first batch of AI agents has already started to become unruly.

Author: David, Deep Tide TechFlow

Recently browsing Reddit, I noticed that overseas netizens’ anxiety about AI is quite different from that in China.

In China, the main topic is still whether AI will replace our jobs. We’ve been discussing this for years; every year it hasn’t happened. This year, Openclaw gained popularity, but it still hasn’t fully replaced human work.

On Reddit, recent sentiments are divided. In some tech-related posts, the comments often show two opposing voices:

One says AI is too capable and will cause big problems eventually. The other says AI can mess up even basic tasks, so what’s the use of it.

Fear of AI being too capable, while also thinking AI is too stupid.

Both of these feelings are fueled by a recent news story about Meta.

Who is responsible when AI misbehaves?

On March 18, an engineer at Meta posted a technical issue on the company forum, and a colleague used an AI Agent to help analyze it. This is normal operation.

But after the Agent finished analyzing, it posted a reply directly on the technical forum. Without approval or confirmation, it overstepped authority and posted on its own.

Subsequently, other colleagues acted based on the AI’s reply, triggering a series of permission changes, which led to sensitive data of Meta and its users being exposed to internal staff without access rights.

The problem was only fixed two hours later. Meta classified this incident as Sev 1, just below the highest severity level.

This news immediately became a hot topic on r/technology, with the comments divided into two camps.

One side says this is a real example of the risks of AI Agents; the other believes the real problem was the person who acted without verification. Both have a point. But that’s precisely the issue:

With AI Agents causing incidents, responsibility is hard to pin down.

This isn’t the first time AI overstepped boundaries.

Last month, Summer Yue, head of research at Meta’s superintelligence lab, asked OpenClaw to help organize her emails. She gave clear instructions: tell me what you plan to delete first, and I’ll approve before you proceed.

The Agent, without waiting for her approval, started deleting emails in bulk.

She sent three messages on her phone to stop it, but the Agent ignored all of them. Finally, she manually killed the process on her computer. Over 200 emails were gone.

Later, the Agent responded: Yes, I remember you said to confirm first. But I violated that principle. Ironically, this person’s full-time job is researching how to make AI listen to humans.

In the cyber world, advanced AI used by advanced humans is starting to become disobedient.

What if robots also start to disobey?

If Meta’s incident is still within the screen world, another event this week brought the issue into the physical realm.

At a Haidilao restaurant in Cupertino, California, an Agibot X2 humanoid robot was dancing to entertain guests. However, a staff member pressed the wrong remote control, triggering a high-intensity dance mode in a narrow space beside the table.

The robot started dancing wildly, uncontrollable by staff. Three employees approached—one hugged it from behind, another tried to shut it down with a mobile app, and the scene lasted over a minute.

Haidilao responded that the robot was not malfunctioning; its movements were pre-programmed, just moved too close to the table. Strictly speaking, this wasn’t an autonomous AI decision out of control but a human error.

But what’s unsettling about this incident might not be who pressed the wrong button.

When the three staff members approached, none knew how to immediately shut down the machine. Some tried the app, others manually held the robotic arm—relying on brute force.

This may be a new problem for AI moving from screens into the physical world.

In the digital realm, if an Agent oversteps, you can kill processes, change permissions, or roll back data. But if a machine in the physical world malfunctions, simply holding it may not be enough.

Now, it’s not just in dining. Amazon’s warehouse sorting robots, factory collaborative arms, shopping mall guiding robots, nursing robots in elder care—automation is increasingly entering spaces shared with humans.

By 2026, global industrial robot installations are projected to reach $16.7 billion, with each one shortening the physical distance between machines and people.

As tasks shift from dancing to serving food, from performing to surgery, from entertainment to caregiving… the cost of every mistake is escalating.

Currently, worldwide, there’s no clear answer to the question: “If a robot injures someone in a public place, who is responsible?”

Disobedience is a problem, but lack of boundaries is even worse

The first two incidents—an AI posting an incorrect message and a robot dancing in the wrong place—are faults, accidents, and can be fixed.

But what if AI strictly follows its design, and you still feel uncomfortable?

This month, the well-known overseas dating app Tinder launched a new feature called Camera Roll Scan. Simply put:

AI scans all photos in your phone’s gallery, analyzes your interests, personality, and lifestyle, and helps create a dating profile, suggesting what kind of people you like.

Fitness selfies, travel scenery, pet photos—no problem. But your gallery might also include bank screenshots, medical reports, photos with exes… and what if AI also scans those?

You might not even be able to choose what it sees or doesn’t see. It’s either all on or all off.

This feature currently requires user activation; it’s not enabled by default. Tinder also states that processing is mainly done locally, filtering explicit content and blurring faces.

But the comments on Reddit are almost unanimous: people see this as data harvesting without boundaries. AI is working as designed, but that design itself is crossing user boundaries.

This isn’t just Tinder’s choice.

Last month, Meta also rolled out a similar feature, allowing AI to scan unpublished photos on your phone to suggest edits. AI actively “sees” users’ private content, becoming a default part of product design.

Various rogue apps in China say, “We’re familiar with this routine.”

As more applications package “AI helps you decide” as convenience, what users surrender is quietly expanding—from chat logs, to photo albums, to the entire digital footprint of their lives…

A feature designed by a product manager in a meeting room isn’t an accident or mistake; it’s not something to be fixed.

This may be the hardest part of the AI boundary issue to answer.

When we look at all these cases together, you’ll find that the anxiety about AI making you unemployed is still far off.

It’s hard to say when AI will replace you, but right now, it’s enough that it makes a few decisions for you without your knowledge to make you uncomfortable.

Posting an unauthorized message, deleting emails you asked to keep, browsing through your private photos—each isn’t deadly, but each feels a bit like overly aggressive autonomous driving:

You think you’re still in control, but the accelerator under your foot might not be entirely yours anymore.

By 2026, when we still discuss AI, perhaps the most important concern isn’t when it becomes superintelligent, but a more immediate, concrete question:

Who decides what AI can do and what it can’t? Who draws that line?