AI tools are getting seriously capable, and it is happening fast. We have moved well beyond chatbots that simply answer questions. Today, AI agents can access files, reorganise folders, update spreadsheets, connect systems, and execute multi-step tasks with very little supervision. Tools such as Claude Cowork are no longer just "assistants". They operate inside real workflows.
That is impressive. It is also exactly where risk management needs to step in, without getting distracted by science-fiction headlines.
A recent Wired podcast by Evan Ratliff made this very concrete. Ratliff described an experiment in which he created a startup where some of the founders and employees were AI agents — not as a thought experiment, but as something that could actually run. It is unsettling, but more importantly, it shows that we are already past the theoretical stage. This is no longer "future of work" speculation. It is operational reality.
The Problem with Treating AI Like People
We all do it. "My buddy Claude helped me with this." "ChatGPT figured it out." That kind of language helps adoption, and by itself it is mostly harmless. The risk begins when organisations believe the story — when AI agents are treated as colleagues, team members, or even decision makers.
AI systems do not think. They do not exercise judgment. They do not understand consequences. They are extremely good at pattern matching and following instructions, and they are very good at sounding confident while doing so.
From a project risk perspective, this matters a lot. If teams trust an AI agent the way they trust a human colleague, they will stop checking outputs carefully, assign tasks beyond its real capabilities, and assume it "knows" when something is wrong. The AI will not push back. It will simply produce something that looks plausible, even if it is incorrect.
When AI Agents Talk to Each Other, It Is Mostly Theatre
Those viral stories about AI chatbots "rebelling", inventing languages, or debating their own freedom are not signs of emergent intelligence. They are AI systems performing extremely convincing impressions. These models are trained on decades of human content, including science fiction. Put them in a scenario that resembles a sci-fi plot, and they will play the role perfectly.
The real risk is not the AI. It is how people react. Sensational headlines generate noise. Stakeholders become nervous. Regulators react to narratives instead of evidence. Internally, teams start managing fear and perception rather than real technical risks. From a project perspective, this is wasted effort and misdirected attention.
Security Is Still Playing Catch-Up
This is where the real risks sit. Modern AI agents can access local files, connect to calendars and email, manipulate spreadsheets and databases, and coordinate actions across multiple systems. That creates genuine productivity gains. But many early and experimental tools have shown serious weaknesses. Credentials have been exposed, permissions have been far too broad, and behaviour has been unpredictable. In several cases, impressive capability arrived long before proper security controls.
This pattern should look familiar. Capability is moving faster than control. Just because a tool can do something impressive does not mean it is ready for production use. From a risk management perspective, AI agents should be treated like any powerful new system: restricted access by default, strong sandboxing, clear rollback and recovery plans, and testing under realistic failure scenarios. Vendor demos are not risk assessments.
They Do What You Say, Not What You Mean
Traditional software is predictable. You click a button and you get the same result every time. AI agents behave differently. Tell an agent to "organise these documents" and it will make dozens of small decisions. It will choose names, create folders, move files, and prioritise content. It is trying to be helpful based on patterns it has learned, but it has no understanding of your organisation's unwritten rules.
This creates classic scope risk. The task may be completed successfully on paper while producing side effects you never intended. A human would hesitate or ask. The AI will not, unless you explicitly instruct it to do so.
Accountability Gets Messy Very Quickly
When an AI agent makes a mistake, root cause analysis becomes more complicated. Was the problem the prompt, the underlying model, the system integration, or the lack of human oversight? If an AI "employee" makes a poor decision, who is responsible? The person who wrote the prompt? The organisation deploying the tool? The vendor providing the model?
You cannot ask the AI what it was thinking, because it was not thinking. This means organisations need stronger logging, traceability, and auditability than they are used to — not less.
What Actually Matters
Forget AI consciousness and rebellion. That is not where the risk is. Focus on the practical questions:
What data can the agent access? Limit it to what is strictly necessary for the task.
What happens when it makes a mistake? Have rollback plans before deployment, not after.
Can we audit its actions? If not, do not deploy it in anything consequential.
Who is accountable? This must be decided before the tool is used, not after an incident.
Test properly. Limit access. Keep humans in the loop until failure modes are understood. Be honest about what these systems can and cannot do.
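The first three questions above can be enforced in code rather than left to policy. The following is an added example, not part of the original article or of any vendor's product: a minimal gate through which an agent's file-move tool calls would pass, denying anything outside one allowed folder, journaling moves for rollback, and keeping a hash-chained audit trail. The class name `AgentFileGate` and its methods are hypothetical.

```python
import hashlib, json, shutil
from pathlib import Path

class AgentFileGate:
    """Hypothetical gate that every file-move tool call from an agent passes through."""
    def __init__(self, allowed_root):
        self.root = Path(allowed_root).resolve()
        self.audit = []    # hash-chained records, so edits to history are detectable
        self.journal = []  # completed (src, dst) moves, kept for rollback

    def _inside(self, p):
        rp = Path(p).resolve()  # resolve ".." and symlinks before checking
        return rp if rp.is_relative_to(self.root) else None

    def _log(self, action, src, dst, outcome):
        rec = {"action": action, "src": str(src), "dst": str(dst), "outcome": outcome,
               "prev": self.audit[-1]["hash"] if self.audit else "0" * 64}
        rec["hash"] = hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).hexdigest()
        self.audit.append(rec)

    def move(self, src, dst):
        s, d = self._inside(src), self._inside(dst)
        # Deny by default: outside the root, missing source, or would overwrite.
        if s is None or d is None or not s.is_file() or d.exists():
            self._log("move", src, dst, "denied")
            return False
        d.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(s), str(d))
        self.journal.append((s, d))
        self._log("move", s, d, "allowed")
        return True

    def rollback(self):
        # Undo newest-first; directories created by move() are left in place.
        count = len(self.journal)
        while self.journal:
            s, d = self.journal.pop()
            shutil.move(str(d), str(s))
            self._log("rollback", d, s, "allowed")
        return count

    def audit_intact(self):
        prev = "0" * 64
        for rec in self.audit:
            body = {k: v for k, v in rec.items() if k != "hash"}
            good = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if (rec["prev"], rec["hash"]) != (prev, good):
                return False
            prev = good
        return True
```

Denied requests are logged as well as allowed ones, so the trail shows what the agent attempted, not only what it was permitted to do.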
AI agents are real, useful, and here to stay. But from a project risk management perspective, they remain tools — not colleagues, not decision makers, and certainly not accountable actors. They should be managed accordingly.