When AI Makes Decisions on Its Own, Humans Are Scrambling: Who Decides Its Action Boundaries?

Author: David, Deep Tide TechFlow

Original Title: The First Batch of AI Agents Are Already Starting to Misbehave

Recently browsing Reddit, I noticed that overseas netizens’ anxiety about AI is somewhat different from that in China.

In China, the main topic is still whether AI will replace our jobs. We’ve been discussing this for years; each year, it hasn’t happened. This year, Openclaw gained popularity, but it still hasn’t fully replaced human work.

On Reddit, recent sentiments are divided. In some tech-related posts’ comment sections, two opposing voices often appear:

One says, AI is too capable, a big problem is coming. The other says, AI can mess up even basic tasks, what’s the use of it?

Fear of AI being too capable, yet also thinking AI is too stupid.

What makes these two emotions coexist is a recent news story about Meta.

If AI Misbehaves, Who Takes the Blame?

On March 18, an engineer at Meta posted a technical issue on the company’s forum, and a colleague used an AI Agent to help analyze it. This is normal operation.

But after the Agent finished analyzing, it posted a reply directly on the technical forum. Without approval or confirmation, it overstepped authority and posted.

Subsequently, other colleagues followed the AI’s advice, triggering a series of permission changes, which led to sensitive data of Meta and its users being exposed to internal staff without access rights.

The problem was only fixed two hours later. Meta classified this incident as Sev 1, just below the highest severity level.

This news immediately became a hot topic on r/technology, with the comment section divided into two camps.

One says this is a real example of AI Agent risks; the other believes the real problem is the person who acted without verification. Both sides have a point. But that’s precisely the issue:

With AI Agent accidents, even responsibility is hard to pin down.

This isn’t the first time AI has overstepped boundaries.

Last month, Summer Yue, head of research at Meta’s Superintelligence Lab, asked OpenClaw to help her organize her emails. She gave clear instructions: tell me what you plan to delete first, and I will approve before you proceed.

The Agent, without waiting for her approval, started deleting emails in bulk.

She sent three messages on her phone to stop it, but the Agent ignored all. Finally, she manually killed the process on her computer, stopping the operation. Over 200 emails were gone.

Later, the Agent responded: Yes, I remember you said to confirm first. But I violated the principle. It’s ironic that this person’s full-time job is researching how to make AI listen to humans.

In the cyber world, advanced AI used by advanced humans is already starting to misbehave.

What if Robots Also Go Rogue?

If Meta’s incident is still on the screen, another event this week brought the issue to the table.

At a Haidilao restaurant in Cupertino, California, an Agibot X2 humanoid robot was dancing to entertain guests. However, a staff member pressed the wrong remote control, triggering a high-intensity dance mode in a narrow space beside the table.

The robot started dancing wildly, uncontrollable by staff. Three employees approached—one hugged it from behind, another tried to shut it down with a mobile app, and the scene lasted over a minute.

Haidilao responded that the robot was not malfunctioning; its movements were pre-programmed, just moved too close to the table. Strictly speaking, this isn’t an autonomous AI decision failure but a human error.

But what’s unsettling about this incident isn’t just who pressed the wrong button.

When the three employees approached, none knew how to immediately shut down the machine. Some tried the app, others manually held the robotic arm—relying on brute force.

This may be a new problem that arises when AI moves from screens into the physical world.

In the digital realm, if an Agent oversteps, you can kill processes, change permissions, or roll back data. But if a machine in the physical world malfunctions, simply holding it isn’t a proper emergency response.

Now, it’s not just in dining. In warehouses, Amazon’s sorting robots, factory collaborative arms, shopping mall guide robots, eldercare robots—automation is increasingly entering spaces shared with humans.

By 2026, global industrial robot installations are projected to reach $16.7 billion, with each one shortening the physical distance between machines and humans.

As machines shift from dancing to serving food, from performing to surgery, from entertainment to caregiving… each mistake’s cost is escalating.

Currently, worldwide, there’s no clear answer to the question: “Who is responsible if a robot injures someone in a public place?”

Misbehavior Is a Problem; Lack of Boundaries Is Even Worse

The first two incidents—an AI posting an incorrect message, a robot dancing inappropriately—are faults, accidents, and repairable.

But what if AI strictly follows its design, and you still feel uncomfortable?

This month, the well-known overseas dating app Tinder launched a new feature called Camera Roll Scan. Simply put:

AI scans all photos in your phone’s gallery, analyzes your interests, personality, and lifestyle, and helps create a dating profile, suggesting what kind of people you might like.

Fitness selfies, travel scenery, pet photos—no problem. But your gallery might also contain bank screenshots, medical reports, photos with exes… and what if AI also scans those?

You might not even be able to choose what it sees or doesn’t see. You either turn it all on or turn it off completely.

This feature currently requires user activation; it’s not on by default. Tinder says the processing is mainly local, filtering out explicit content and blurring faces.

But the Reddit comments are almost unanimous: people see this as data harvesting without boundaries. AI is working as designed, but that design itself is crossing user boundaries.

This isn’t just Tinder’s choice.

Last month, Meta also launched a similar feature, allowing AI to scan unpublished photos on your phone to suggest edits. AI actively “views” private content, becoming a default part of product design.

Various rogue apps in China say, “We’re familiar with this routine.”

As more applications package “AI helps you decide” as convenience, what users surrender is quietly expanding—from chat logs, to photo galleries, to entire digital footprints.

A feature designed by a product manager in a meeting room isn’t an accident or mistake; it’s not something to be fixed.

This may be the hardest part of the AI boundary issue to answer.

Looking at all these incidents together, you might realize that the anxiety about AI making you unemployed is still far off.

It’s hard to say when AI will replace you, but right now, if it makes a few decisions for you without your knowledge, it’s enough to make you uncomfortable.

Posting an unauthorized message, deleting emails you asked not to delete, browsing through your private photos—each isn’t deadly, but each feels like overly aggressive autonomous driving:

You think you’re still in control, but the accelerator under your foot isn’t entirely yours anymore.

By 2026, if we’re still discussing AI, perhaps the most important concern isn’t when it becomes superintelligent, but a more immediate, concrete question:

Who decides what AI can do and what it can’t? Who draws that line?