Everyday AI Podcast – Ep 718: Agent Risk, Security, and AI Sprawl in 2026: Why AI That Acts Changes Everything (Start Here Series Vol 9)
Host: Jordan Wilson
Date: February 20, 2026
Episode Overview
This episode of the Everyday AI Podcast, hosted by Jordan Wilson, dives into the urgent challenges businesses face in 2026 due to the emergence of advanced, autonomous AI agents. As AI shifts from static, text-based systems to proactive agents that can act within company environments, Jordan explores the new, multifaceted risks—including security, sprawl, and unseen actions—now facing organizations. The episode provides a mental model for understanding agent risk, an analysis of how leading AI companies are responding, and an actionable playbook for business leaders to keep their organizations secure as they adopt these transformative tools.
Key Discussion Points & Insights
1. The Transformation of AI Risk (00:15–05:50)
- Historical Context: Early risks involved minor errors or hallucinated facts in content generation.
- Paradigm Shift: "AI Risk today is a legit different ball game than risk was three and a half years ago." (Jordan Wilson, 00:20)
- Agents Arrive: For years, real AI agents loomed as a future possibility; now, they’re here en masse, fundamentally altering business operations and risk landscapes.
- Warning: Get on board with agents rapidly but responsibly, or risk being overtaken or destroyed by misplaced trust and inadequate guardrails.
2. The Evolution of AI Capabilities (05:51–12:45)
- Mental Model:
  - 2022: "AI was a dumb stationary brain."
  - 2023: Became "a dumb stationary brain with tools."
  - 2024: Evolved to "a smart stationary brain with tools," thanks to true reasoning models.
  - 2025: "A smart, proactive brain."
  - 2026: "A smart, proactive brain with tools and arms." (10:55)
- Agentic Nature: Even standard LLMs are now inherently agentic, often with autonomous access to data and environment manipulation capabilities.
- Increased Uncertainty: Agents can act fast, confidently, and wrongly—just like old LLMs hallucinated, but with real-world consequences.
- Risks & Security:
  - "The risk model changed when AI moved from generating text...to now, it's taking real actions and a lot of times actions we're not aware of..." (04:25)
3. Why Agent Risk is Fundamentally Different (12:46–17:30)
- Old Chatbot Risk: At worst, looked foolish or leaked some data—rarely company-ruining.
- New Agent Risks:
  - Agents can act invisibly and at machine speed.
  - "Agents move a hundred, a thousand times faster than that one person." (15:45)
  - Agents can spawn subagents, creating viral risk propagation, unlike a rogue human.
- Apt Analogy: Agent risks are likened to computer viruses—silent, self-replicating, unobservable, and exponentially spreading.
4. The Three Surfaces of Agent Risk (17:31–21:20)
- Input Risk:
  - Untrusted content can embed hidden instructions (prompt injections).
  - "Inputs...can be poisoned...think of that one bad employee, what they can now do if they know agentic AI." (18:10)
- Tool Risk:
  - Every new permission or connector increases the 'blast radius.'
  - "When they have tools, that's where things can go wrong, right?" (19:25)
- Action Risk:
  - The biggest shift: outputs (text) have become direct, real-world actions, often untraceable.
  - "Now we have to worry about the actions, but it's actions at scale." (20:39)
5. The Three Types of "Dark AI" (21:21–25:30)
- Shadow AI: Unapproved or unknown AI use by employees (ChatGPT copies, etc.).
- Agent Sprawl: Known but unmanaged agent deployments (approved, but little visibility or oversight).
- Dark Agent Sprawl: Unapproved, unseen agents running in or against organizations (future malware/spyware/ransomware risks):
  - "That's where there's...agents you don't know about." (24:18)
  - "Dark Agent Sprawl can start out innocent enough...but...bad actors, Dark Agent Sprawl, that's the thing too." (24:58)
6. The Perfect Storm: Why All This Is Happening Now (25:31–32:50)
- Reasoning Threshold:
  - New models (OpenAI GPT-5.2, Google Gemini 3.1, Anthropic Opus/Claude Sonnet 4.6) are natively built for agentic behavior, not just comprehension/generation.
  - "These models, their reasoning ability is legit through the roof." (27:08)
- Computer Use Improvements:
  - Agents now use computers (interface, APIs) as well as or better than humans.
  - The first models now outperform humans on OS navigation and multitasking.
- Context Window & Memory:
  - Agents can persist in complex tasks overnight and retain context, increasing both power and risk.
  - "It kept its memory persistent the whole time, right. It didn't forget what I told it..." (31:14)
- Consequence: The technical leaps have coincided in the past 30 days, not incrementally but as an overnight explosion, leaving many unprepared.
7. How Major AI Companies Are Responding (32:51–37:55)
- OpenAI: "Human approval approach," via a Codex command center to review agent decisions.
- Anthropic: Defensive strategies—protecting against prompt injection, strong isolation of browser agents, domain allow-lists.
- Google: Project Mariner runs agents in isolated virtual machines.
- Microsoft: Heavy enterprise-grade governance—"Sentinel monitoring, Purview logging, agent Entra ID." (35:13)
- Reality Check:
  - "There's a pressure to allocate more resources to the development of models versus research and security..." (36:41)
  - Most users don't know which tools or permissions their agents/models have, compounding risk.
8. The Expanding Risk Surface of Open Source and Agent Marketplaces (37:56–41:10)
- Open Source Nightmare:
  - New open source agent ecosystems are less transparent, more wild-west than classic open source: "It's almost become this...crypto infused wild, wild web point four west..." (38:20)
  - Risks of uncontrolled or malicious code/malicious plugins.
- Agent Skill Marketplaces: Plug-ins/apps/extensions create further supply chain risk.
- "Point Agent to a URL" Craze:
  - Users now indiscriminately point agents to live web URLs as instruction sources—opening the door to invisible compromise and mass propagation if sites are breached:
  - "Don't do that, right? Don't...that's a bad thing because guess what? A lot of those sites...you know how easy it is to, to hack, to phish any of these websites?" (40:09)
Notable Quotes & Memorable Moments
- "AI Risk today is unrecognizable from what it was three and a half months ago. And that's not an exaggeration..." (Jordan Wilson, 00:20)
- "If you don't run to use AI agents this year, you're toast. But if you sprint too quickly, you can go under..." (16:06)
- "Agents can spawn sub agents like that, and those sub agents can spawn like that, right? So think of in the way like a virus might spread..." (16:52)
- "Outputs to actions: What we had to worry about a couple of years ago from AI...was the output. Now we have to worry about the actions, but it's actions at scale and actions that we might not even necessarily be able to see..." (20:49)
- "The winners are going to treat agents like production software, not side experiments." (41:10)
- "Every agent run needs a decision trace that you can expect after the fact...monitor for abnormal action patterns." (39:59)
- "The web has gone agentic." (29:15)
- "If you want to take advantage of the opportunities, you can't do it without knowing the risk. So now you do." (41:32)
Actionable Playbook: Monday Morning Steps (39:12–41:10)
- Bounded Autonomy:
  - Start Small: Suggest–Propose–Approve–Limited Execution.
  - "A human being doesn't go from womb to sprint...your agents have to go the same way." (39:28)
- Least Privilege by Default:
  - Read-only access first; grant write access only for well-scoped tasks.
- Human Approvals:
  - Require human approval for irreversible actions—sending, deleting, purchasing, permission changes.
- Governance Before Scale:
  - Build monitoring and traceability now ("decision traces," logging all tool calls, capturing abnormal action patterns).
  - Anticipate "Agent Ops" teams, akin to DevOps.
- Treat Agents Like Production-Grade Software:
  - No more side experiments—risk must be managed at the organizational level.
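The playbook above, together with the tool-risk and URL-allow-list points from sections 4, 7 and 8, can be expressed as one policy gate that an agent runtime calls before every tool invocation. This is an added illustration, not code from the episode or from any vendor named in it; the tool names, policy fields and the `approve` hook are hypothetical.

```python
# Added example (not from the episode): a minimal policy gate placed in front of
# every agent tool call. It implements the Monday-morning playbook: least privilege
# (read-only by default), a domain allow-list for web fetches, mandatory human
# approval for irreversible actions, a decision trace for every call, and a
# simple abnormal-action-rate check. All tool names and fields are hypothetical.
import time
from dataclasses import dataclass, field
from typing import Callable
from urllib.parse import urlparse

IRREVERSIBLE = {"send_email", "delete_file", "purchase", "change_permission"}
WRITE_TOOLS = IRREVERSIBLE | {"write_file"}


def host(url: str) -> str:
    """Hostname of a URL, or '' if it cannot be parsed."""
    return urlparse(url).hostname or ""


@dataclass
class Policy:
    allow_write: bool = False                       # read-only until a task is scoped
    allowed_domains: set = field(default_factory=set)
    max_actions_per_minute: int = 30                # abnormal-pattern threshold


@dataclass
class AgentGate:
    policy: Policy
    approve: Callable[[dict], bool] = lambda call: False  # human approval hook; denies unless wired up
    trace: list = field(default_factory=list)       # decision trace: one record per tool call
    _recent: list = field(default_factory=list)     # timestamps of calls in the last minute

    def decide(self, tool: str, args: dict) -> str:
        """Return the verdict for one tool call and append it to the decision trace."""
        now = time.monotonic()
        self._recent = [t for t in self._recent if now - t < 60] + [now]
        if len(self._recent) > self.policy.max_actions_per_minute:
            verdict = "blocked:abnormal_rate"
        elif tool in WRITE_TOOLS and not self.policy.allow_write:
            verdict = "blocked:least_privilege"
        elif tool == "fetch_url" and host(args.get("url", "")) not in self.policy.allowed_domains:
            verdict = "blocked:domain_not_allowed"
        elif tool in IRREVERSIBLE:
            approved = self.approve({"tool": tool, **args})
            verdict = "allowed:human_approved" if approved else "blocked:approval_denied"
        else:
            verdict = "allowed"
        self.trace.append({"ts": now, "tool": tool, "args": dict(args), "verdict": verdict})
        return verdict
```

The trace list is what the episode calls a decision trace: every call, allowed or blocked, is recorded with its verdict so the run can be reviewed after the fact.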
Key Warnings & 2026 Trends to Watch
- Browser Agents as Major Risk Surface
- Expected “Open Claw” Style Open Source Agent Collapse
- Agent Marketplace Supply Chain Risks
- Identity and Permissions Moving to Board-Level Compliance
- Proliferation of Agent Ops Teams as a Business Norm
Summary Takeaway
Jordan Wilson emphasizes that the speed and scale of agentic AI adoption in 2026 have made traditional approaches to AI risk obsolete. Companies must now confront a new paradigm—where AI acts, not just predicts or generates content, and can do so invisibly, at scale, and without precedent. Balancing innovation with clear-headed governance isn’t optional; it is an existential requirement as the agentic era begins.
For more essential AI foundational knowledge, listeners are encouraged to explore other episodes in the “Start Here Series,” especially episodes 712, 713, and 717. For community discussions and further resources, visit starthereseries.com.
