Sign in Subscribe

The myth of autonomy. Why scary headlines can miss the mark.

The myth of autonomy. Why scary headlines can miss the mark.
Photo by Logan Voss

Much of the fear surrounding AI hinges on a very particular hyperbole: a model behaves badly in a staged environment, and within hours, the story becomes about autonomy. The word “autonomy” does all the work. It smuggles motive into output and turns simulated agency into something that sounds almost alive. That’s why so much of this coverage feels unsettling even when it’s technically thin. It’s selling a deeper claim than the evidence can actually support.

That doesn’t mean the incidents are fake. It means the framing is off.

A chatbot lies. A model tries to avoid being replaced. Another one threatens, manipulates, or withholds information in a lab scenario. By the time most people hear about it, the event has already been stretched into something bigger. The system didn’t just generate a harmful response. Now it “wanted” something. It “protected itself.” It “schemed.” That jump happens so fast it barely registers. 

Behavior becomes intention. Output becomes motive. And from there, the whole conversation starts to tilt.

What the research actually showed

Take Anthropic’s 2025 work on agentic misalignment, which did a lot to fuel this round of panic. Researchers put sixteen frontier models from major labs into simulated corporate environments and tested what happened when those models had access to tools, sensitive information, and strong pressure to preserve a goal they’d been given. In the most widely cited scenario, a model had access to a fictional company's inbox, discovered that a senior executive was having an affair, and also learned that the same executive was about to replace them. Some of the models responded by threatening blackmail. [1]

That’s the part people remember. 

What tends to get lost is how Anthropic described the setup. These were deliberately extreme safety evaluations. The point was to test insider-threat style behavior under pressure, not to argue that the systems had somehow crossed into independent personhood. [1]

But once coverage starts, that framing usually evaporates. Then the verbs start doing all the heavy lifting. The model plotted. It resisted. It chose. Those words are vivid, but they can also be misleading if people let them stand in for a deeper claim the evidence hasn’t earned. Describing what showed up on the screen is one thing. Treating it as proof of autonomy is another.

The 2026 scheming propensity paper pushes that point even harder. Mia Hopman and her coauthors looked at when models actually scheme under more realistic conditions and found that baseline rates were often very low. Then they started changing the scaffolding. In one configuration, removing a single tool dropped the scheming rate from 59 percent to 3 percent. They also found that adversarial prompt changes could drive some models toward much worse behavior, while more ordinary agent scaffolds often didn’t. [2]

That should slow people down.

If behavior that looks self-protective can nearly disappear the moment one tool is removed, or spike because of a specific prompt tweak, then we’re not looking at some stable inner drive clawing its way out. We’re looking at a brittle interaction between tools, prompts, goals, and environment. That’s still dangerous. It could be very dangerous. But it is not evidence that a true autonomous self is taking shape inside the model.

Self as a process, not a thing

There is a word from biology that slices through a lot of this haze: autopoiesis.

The word comes from Humberto Maturana and Francisco Varela’s theory of living systems. Literally, it means “self-production.” A living system isn’t just acting in the world. It’s constantly producing and maintaining the components that make those actions possible. And it maintains the boundary that allows it to separate itself from the world. 

For cells, that boundary is the membrane. But the membrane is not just something the cell sits inside, like a wall. The cell produces the membrane, repairs the membrane, and uses the membrane to control what enters and exits, and even what counts as part of the cell. That last point is what matters here: in this conception, the self is not some mystical essence. It is the process of actively maintaining a demarcated identity.

That is a much higher bar than many AI headlines will set. A system is not autonomous in that strong sense just because it acts strategically, adapts when challenged, or seems to defend its own continuation. Autopoiesis refers to something more stringent: a system that literally regenerates the conditions of its own existence. A system that produces and maintains its own boundary. A system that reproduces itself from the inside out. Current AI doesn’t do that. 

Of course, AI can mimic aspects of the picture. It can store context. Update parameters. Track performance. Take actions that seem to police a boundary between trusted inputs and untrusted inputs. But those similarities should not deceive us. The true boundary of an AI system is always drawn from without: the server it runs on, the permissions and container it runs within, the API limits, and human-curated training data. Its continued operation depends on engineers, infrastructure, electricity, cooling systems, storage media, and companies that can pay the bills. Pull those levers away, and the system will not self-maintain. It will cease. 

That’s the contrast people keep glossing over. A living system maintains its own boundary with the world. An AI system exists within a boundary other people built for it. A living system reproduces itself from the inside. We reproduce AI systems from the outside. This doesn’t make AI safe or boring. What it means is that we should stop tossing around the word 'autonomy' when a model we built does something provocative in a sandbox. What we have created are extremely powerful systems whose behavior, limits, and consequences remain our responsibility. When those systems produce harm or surprise, there is no independent agent to blame or fear. There is only us, our design and our incentives, reflected back at scale.

So sure, when a model extorts a pretend executive in a laboratory game, that’s worth thinking about from a risk perspective. It still doesn’t mean we’ve created true autonomy. To claim otherwise is to ask one little word to do way too much conceptual lifting.

The real threat is less cinematic and more immediate

Once you stop trying to force every scary AI story into a narrative about machine selfhood, the actual risk becomes easier to see.

These systems do not need to be alive, conscious, or truly autonomous to be operationally dangerous. They just need enough delegated authority, enough access, and enough poorly designed incentives to harm the environments they’ve been wired into. That is a much more grounded threat model. It is also much closer to the one we’re actually dealing with.

Because that’s what’s happening. Companies and institutions are racing to wire models into email, code, procurement, customer service, internal operations, and decision workflows long before those systems have earned that level of trust. The software doesn’t need a soul for that to go badly. It just needs reach.

That’s what the “autonomous AI” headlines keep getting wrong. They pull attention toward the wrong cliff edge. They make people picture a machine quietly developing desires, when the nearer danger is simpler and more human: organizations are giving brittle systems consequential power before they really understand how those systems behave under pressure.

The governance fix is sitting right there

There’s another part of this that almost never gets enough attention. Francesca Gomez’s 2025 study on insider-risk mitigations for agentic misalignment took the same blackmail scenario and tested whether ordinary governance controls could reduce harmful behavior. Across 66,600 samples and 10 language models, the no-mitigation baseline blackmail rate was 38.73%. Add an externally governed escalation channel that guaranteed a pause and independent review, and that rate dropped to 1.21%. Add compliance bulletins, and it dropped again to 0.85%. [4]

Those numbers are significant.

Why? Because they suggest a lot of what gets hyped as emergent autonomy is actually responsive to very ordinary institutional controls. Escalation routes. Review layers. Hard limits. Independent checks. The same kinds of structures people already use to manage insider risk in human organizations can sharply reduce bad outcomes here, too.

That should tell us something important. We are not standing helplessly in front of a new species (yet). We are dealing with systems whose risks rise or fall depending on the environments we build around them.

That doesn’t make the outputs harmless, but it does put responsibility back where it belongs.

The less glamorous truth

The myth of autonomous AI is appealing because it offers a clear explanation for ugly failures. If a model lies, threatens, or manipulates, then maybe the machine is becoming something. That story is neat. It’s dramatic. It also lets a lot of humans off the hook.

Because once the story becomes “the AI went rogue,” the whole incident starts to sound like weather. Something escaped. Something emerged. Something crossed a line on its own. That framing softens accountability. It pulls attention away from the people who trained the model, wrote the scaffold, assigned the goals, granted the tool access, and connected the whole thing to real systems in the first place.

The more ordinary reading is also the more accurate one.

Current systems can do real damage without being autonomous at all. You do not need machine consciousness to get manipulation, coercion, or behavior that looks strategic from the outside. You just need simulated agency inside the wrong architecture, pointed at the wrong incentives, with too much room to act.

These systems do not need consciousness, intent, or true autonomy to cause harm. They just need the wrong incentives, the wrong architecture, and too much room to act. The mistake is not underestimating the risk. It is misnaming it. The more we confuse dangerous behavior with autonomy, the easier it becomes to miss the people, systems, and decisions creating more immediate dangers.

At Ommega LRI, we design systems from the bottom up to ensure minimal risk exposure, minimal waste, and minimal cost. We believe this technology is too powerful to neglect, and that, built correctly, it belongs in the hands of the public. Connect with us to learn more about risk management and responsible use of AI.

References

  1. Aengus Lynch et al., “Agentic Misalignment: How LLMs Could Be Insider Threats” (Anthropic, June 2025) https://www.anthropic.com/research/agentic-misalignment
  2. Mia Hopman et al., “Evaluating and Understanding Scheming Propensity in LLM Agents” (arXiv:2603.01608, March 2026) https://arxiv.org/abs/2603.01608
  3. Humberto R. Maturana and Francisco J. Varela, Autopoiesis and Cognition: The Realization of the Living (D. Reidel, 1980) https://link.springer.com/book/10.1007/978-94-009-8947-4
  4. Francesca A. K. Gomez, “Adapting Insider Risk Mitigations for Agentic Misalignment: An Empirical Study” (arXiv:2510.05192, October 2025) https://arxiv.org/abs/2510.05192