Nascent capabilities (agency and autonomy)
Traditionally, AI tools have been viewed as passive instruments controlled by users to achieve their goals, lacking the ability to take action or assume responsibilities. However, advanced AI tools are increasingly capable of taking initiative, operating independently of human control, and actively working toward optimal outcomes, even in uncertain situations.
ENTITY
2 - AI
INTENT
1 - Intentional
TIMING
3 - Other
Risk ID
mit742
Domain lineage
7. AI System Safety, Failures, & Limitations
7.2 > AI possessing dangerous capabilities
Mitigation strategy
1. Establish and enforce comprehensive, full-lifecycle AI governance and control frameworks, aligning with external standards such as the NIST AI Risk Management Framework, to ensure holistic oversight, accountability, and the management of emerging agentic capabilities.
2. Implement a Zero Trust security model for all autonomous agents by defining them as non-human identities, strictly applying the principle of least privilege (JITA), and deploying continuous, real-time behavioral monitoring to immediately detect and flag anomalous activity or attempts at unauthorized privilege escalation.
3. Mandate secure-by-design practices, including prompt hardening with explicit constraints, rigorous input validation and sanitization of all data exchanges, and narrowly defining the agent's operating boundaries to prevent scope drift and misuse.