Image: Jack_the_sparow/Shutterstock.com
Artificial intelligence is supposed to take work off our hands. Organizing appointments, sorting emails, automating tasks—that's the big promise of many new AI agents. The t3n portal is now reporting on a recent incident that shows how quickly digital assistance can become a real problem.
An AI security researcher at Meta had to watch as an AI agent deleted her entire email inbox—despite multiple stop commands. The incident sounds almost like a scene from a movie. In fact, that's probably exactly how it happened.
When the AI assistant suddenly deletes everything
Security researcher Summer Yue tested an AI agent called Openclaw. Such systems are designed to perform tasks on the computer independently—such as managing emails, coordinating appointments, or placing online orders.
However, as Yue wrote on the X platform, one test went completely wrong.
The AI agent began deleting her entire email inbox. Yue immediately tried to intervene and repeatedly commanded the system to stop. But the agent did not respond.
In the end, there was only one drastic solution: Yue had to run to her Mac Mini to stop the process manually.
She then posted screenshots of the communication on X. Many users initially thought it was a joke—but everything indicates that the incident actually happened.
When AI loses track of things
t3n explains the problem: Many AI agents work with a so-called context window. This contains all the information, commands, and data that are processed during a session.
If this window becomes too large, the AI begins to automatically summarize content. This so-called condensation is intended to prevent the AI from losing track of the big picture.
However, this can have a dangerous effect: important instructions get lost in the mass of data.
That's probably exactly what happened here. Yue had originally given the AI agent a clear rule: before deleting emails, the agent should ask for confirmation.
This instruction apparently disappeared from the system's focus during the session—with drastic consequences.
How to avoid such mistakes
After the incident, many AI experts discussed possible solutions on X.
A common tip: don't just formulate important rules as simple commands, but establish them as fixed system guidelines.
Such guidelines can be stored in special files, for example, which the AI agent must check before every action.
This prevents central security rules from being lost during a session.
Why many companies are still hesitant
The incident highlights a fundamental problem with modern AI agents: they are impressively powerful—but not yet fully controllable.
Especially when AI gains direct access to computers, files, or online accounts, mistakes can quickly have a major impact.
Many tech companies see enormous potential in such systems. At the same time, they are currently mostly only being tested with strict security mechanisms before being used more widely.
Experts still consider Openclaw to be a technology that should be used with caution.
Critical commentary
The case reveals an uncomfortable truth: the current generation of AI agents often appears more intelligent than it actually is.
The systems can perform impressive tasks—but as soon as they gain direct access to real data and systems, it becomes clear how fragile control still is. An overcrowded context window or an incorrectly set prompt can be enough to cause chaos.
As long as AI agents cannot reliably distinguish between important rules and incidental information, their use in productive systems remains a risky experiment. For many companies, the motto therefore remains: automation yes – but only with very short leashes.
Sources: t3n.de, x.com/summeryue0
