The study, which evaluated 30 major AI agents, found that most, from publicly available chat assistants to autonomous browser agents, widely publicized their capabilities but failed to publish actual risk assessments and security data.
As the use of artificial intelligence (AI) agents and platforms has increased worldwide in recent times, studies have shown that they lack basic security disclaimers and risk assessment mechanisms.
As AI systems rapidly become more integrated into everyday life, the latest edition of the AI Agent Index, led by the University of Cambridge, has found a lack of transparency in security.
The study, which involves researchers from Cambridge, MIT, Stanford and the Hebrew University of Jerusalem, found that despite widely publicizing their capabilities, most of the AI agents, from chat assistants to autonomous browser agents, fail to publish actual risk assessments and security data.
The study found that only four of the 30 agents published detailed system cards covering their behavior, automation and risk assessments. 25 of the 30 bots did not publish the results of internal security tests, and 23 did not provide any details about third-party tests.
As AI usage becomes an integral part of everyday digital life, even the most widely used platforms are operating with a lack of transparency. For example, OpenAI’s ChatGPT is estimated to have over 800 million weekly active users and is said to handle over 2.5 billion prompts per day.
Google’s Gemini is estimated to have hundreds of millions of monthly users. Similarly, platforms like Anthropic’s Claude are also serving hundreds of millions of users. These daily and monthly user figures show how deeply AI systems have become embedded in personal, educational, and workplace contexts.
However, despite this large user base, the study points to a serious gap in security governance. AI-based browser agents that can automatically click links, fill out forms, or conduct transactions have the least amount of security disclosure, with 64 percent of them not publishing security information, the study said. Of the professional automation agents that perform tasks such as creating accounting documents and preparing reports, 63 percent do not disclose basic security details, the report said. Even among general chat agents, 43 percent do not disclose security indicators.
AI Agent Index lead author Leon Staufer said, “Many AI developers seem to have completed the formalization of AI security by focusing on basic language models, but they have published very limited information about the security of the AI agents they build on top of them. Developers publish high-level security descriptions to reassure, but the practical evidence needed to understand the real risks is limited.”
The study notes that users who rely on AI agents for tasks such as writing emails, doing homework, making financial transactions or filling out online forms are not given clear information about how the systems make decisions, what risks they may face, and what will happen if errors or misuse occur. The study suggests that in the absence of adequate security testing and transparency, there may be uncertainty about how personal or sensitive information provided by users is managed.
Amid growing concerns about security and transparency, ChatGPT maker OpenAI has said it is committed to mitigating risks through internal assessments, security mechanisms and collaboration with experts and policymakers. The company says it has built security into the development process and is continuously improving its monitoring and defenses, with the goal of protecting users from harm through public content.
But the Cambridge-led study suggests there is a growing gap between the rapid expansion of AI systems and sufficient data on their safety. The study raises serious questions about the regulation and transparency of automated systems with global reach.
