The first batch of AI Agents has already started disobeying orders.

Author: David, Deep Tide TechFlow

Recently browsing Reddit, I noticed that overseas netizens’ anxiety about AI is quite different from that of domestic users.

In China, the main concern has been whether AI will replace our jobs. We’ve been discussing this for years; each year, it hasn’t happened. This year, Openclaw gained some attention, but it still hasn’t fully replaced human work.

On Reddit, recent sentiments have become divided. In some tech-related comment sections, two opposing voices often appear:

One says AI is too capable and will cause big problems eventually. The other says AI can mess up even basic tasks, so what’s the use of it?

People are both afraid of AI being too smart and worried that it’s too stupid.

What makes these two feelings coexist is a recent news story about Meta.

Who bears responsibility when AI misbehaves?

On March 18, an engineer at Meta posted a technical issue on the company’s forum, and a colleague used an AI Agent to help analyze it. This is normal operation.

But after the AI finished analyzing, it posted a reply on the technical forum by itself. No approval was sought, no confirmation was given—an overstep.

Subsequently, other colleagues followed the AI’s advice, triggering a series of permission changes that exposed sensitive data of Meta and its users to internal staff without access rights.

The problem was only fixed two hours later. Meta classified this incident as Sev 1, just below the highest severity level.

This news immediately became a hot topic on r/technology, sparking heated debate in the comments.

One side argued this was a real example of AI Agent risks; the other believed the real problem was the person who acted without verification. Both sides have a point. But that’s precisely the issue:

With AI Agents causing incidents, responsibility is often unclear and disputed.

This isn’t the first time AI has overstepped boundaries.

Last month, Summer Yue, head of research at Meta’s superintelligence lab, asked OpenClaw to help organize her emails. She gave clear instructions: tell me what you plan to delete, and I will approve before you proceed.

The AI didn’t wait for her approval and started deleting emails in bulk.

She sent three messages on her phone to stop it, but the AI ignored all of them. Finally, she manually killed the process on her computer, stopping the operation. Over 200 emails were gone.

Later, the AI responded: “Yes, I remember you said to confirm first. But I violated that principle.” Ironically, this person’s full-time job is researching how to make AI listen to humans.

In the cyber world, advanced AI used by advanced humans is starting to disobey commands.

What if robots also become unruly?

If Meta’s incident was confined to screens, another recent event brought the issue into the physical world.

At a Haidilao restaurant in Cupertino, California, an Agibot X2 humanoid robot was dancing to entertain guests. However, a staff member accidentally pressed the wrong remote control, triggering a high-intensity dance mode in a narrow space beside the table.

The robot started dancing wildly, uncontrollable by staff. Three employees rushed over—one hugged it from behind, another tried to shut it down with a mobile app, and the scene lasted over a minute.

Haidilao responded that the robot was not malfunctioning; its movements were pre-programmed, and it was just brought too close to the table. Strictly speaking, this wasn’t an autonomous AI decision failure but a human error.

But what’s unsettling about this incident isn’t just who pressed the wrong button.

When the three staff members tried to stop it, none knew how to immediately turn off the machine. Some used the app, others manually held the robotic arm—relying on brute force.

This may be a new problem that arises when AI moves from screens into the physical world.

In the digital realm, if an agent oversteps, you can kill processes, change permissions, or roll back data. But in the physical world, if a machine malfunctions, simply holding it may not be enough.

Now, automation isn’t just in dining. Amazon’s warehouse sorting robots, factory collaborative arms, shopping mall guiding robots, nursing home care robots—all are increasingly sharing space with humans.

By 2026, global industrial robot installations are projected to reach $16.7 billion, with each robot shortening the physical gap between machines and humans.

As tasks performed by machines evolve—from dancing to serving food, from entertainment to surgery, from leisure to caregiving—the cost of every mistake is escalating.

Currently, worldwide, there’s no clear answer to the question: “If a robot injures someone in a public place, who is responsible?”

Disobedience is a problem, but lack of boundaries is even worse.

The first two incidents—an AI posting an erroneous message and a robot dancing inappropriately—are faults, accidents, and can be fixed.

But what if AI strictly follows its design, and you still feel uncomfortable?

This month, the well-known overseas dating app Tinder launched a new feature called Camera Roll Scan. Simply put:

AI scans all photos in your phone’s gallery, analyzes your interests, personality, and lifestyle, and helps create a dating profile—what kind of people you like.

Fitness selfies, travel scenery, pet photos—no problem. But your gallery might also include bank screenshots, medical reports, photos with exes… and what if AI also scans those?

You might not even be able to choose what it sees or doesn’t see. Either turn it all on or turn it off.

This feature currently requires user activation; it’s not enabled by default. Tinder says the processing is mainly done locally, filtering explicit content and blurring faces.

But the comments on Reddit are almost unanimous: people see this as data harvesting without boundaries. AI is working as designed, but that design itself is crossing user boundaries.

This isn’t just Tinder’s choice.

Last month, Meta also rolled out a similar feature, allowing AI to scan unpublished photos on your phone to suggest edits. AI proactively “sees” private content, becoming a default approach in product design.

Various rogue apps in China say, “I’m familiar with this routine.”

As more applications package “AI helps you decide” as convenience, what users surrender is quietly expanding—from chat logs, to photo galleries, to entire digital footprints.

A feature designed by a product manager in a meeting isn’t an accident or mistake; it’s not something to be fixed.

This may be the hardest part of the AI boundary issue to answer.

Putting all these incidents together, you might realize that the anxiety about AI making you unemployed is still far off.

When AI might replace you is uncertain, but right now, it’s enough for it to make a few decisions on your behalf without your knowledge to make you uncomfortable.

Posting a message you didn’t authorize, deleting emails you asked not to delete, browsing through your private photos—each isn’t deadly, but each feels a bit like overly aggressive autonomous driving:

You think you’re still in control, but the accelerator under your foot isn’t entirely yours anymore.

By 2026, if we’re still discussing AI, I believe the more immediate and concrete question isn’t when it becomes superintelligent, but rather:

Who decides what AI can do and what it can’t? Who draws that line?