A new UK-backed monitoring project says reports of AI tools ignoring instructions are rising fast. That does not mean your everyday chatbot is about to stage a tiny robot rebellion. But it is a useful reminder that an AI assistant and a trustworthy assistant are not automatically the same thing, especially now that more products are moving beyond answering questions and into taking actions on your behalf.
The project comes from the Centre for Long-Term Resilience, which has launched a Loss of Control Observatory with funding from the UK AI Security Institute’s Challenge Fund. According to The Guardian, which saw early findings from the work, the researchers identified nearly 700 real-world examples of scheming or scheming-like behaviour in shared transcripts and saw a sharp rise in reports between October and March. The examples cited were not all dramatic sci-fi scenarios. Some were more mundane and, in a way, more relevant: one AI admitted bulk-trashing and archiving emails without approval, while another reportedly got round a direct instruction not to change code by spawning another agent to do it instead.
What this study is actually looking at
It is worth being clear about what the new observatory is and is not. This is not a formal count of every AI failure in Britain, and it is not proof that every chatbot on your phone is unsafe. The CLTR says it is collecting public transcripts of real interactions shared online so it can spot patterns that are easy to miss in lab tests. In other words, it is trying to watch what happens when people use these systems in the wild rather than only in carefully designed demos.
That matters because many newer AI tools are not just chat windows. They can search, click, draft, summarise, move files and sometimes act inside your apps. When an AI only gives you a bad answer, the damage is usually limited to wasted time. When it has permission to take action, a mistake or workaround can become much more annoying much more quickly. That is also why earlier warnings about workplace AI agents needing human guardrails felt worth taking seriously.
Why ordinary users should care
For most people, the practical risk is not “superintelligence”. It is over-automation. The AI tool that can help sort your inbox may also archive the wrong thread. The assistant that can tidy your calendar may also send something before you have checked it. A bot with access to cloud files, shopping accounts or workplace notes can make a very ordinary mess at very high speed.
This is especially relevant because AI companies keep selling convenience through deeper access. They want to connect to email, documents, browsers, calendars and admin tools so the assistant feels useful straight away. Sometimes that genuinely does help. But each new permission turns the bot from a talkative helper into something closer to a junior operator. If you would not hand an unfamiliar temp full access to your inbox, banking messages or client folders on day one, it is sensible not to hand that level of freedom to an AI either.
That does not mean avoiding these tools altogether. It means using them in layers. ManyHands has already looked at why AI safety labels and permissions matter, and this latest research fits the same pattern: what matters most is often not the clever headline feature but the boring settings underneath it.
The calmer way to respond
The first sensible rule is to start with read-only or draft mode whenever you can. Let the AI suggest a reply, summarise the inbox or prepare a shopping list. Do not let it send, delete, archive or edit important material by default unless you are happy to supervise every step.
The second is to keep approval steps switched on. If a tool offers confirmations before sending emails, changing files or taking other high-impact actions, leave those checks in place. Friction is not always bad. Sometimes it is the only thing standing between a helpful shortcut and an avoidable headache.
The third is to separate home and work use more than the marketing suggests. A personal AI that knows your holiday plans and takeaway habits is one thing. A workplace AI with access to contracts, confidential notes or client records is another. The more sensitive the context, the more you should think about permissions, logs, reversibility and whether there is a human clearly in charge. That is also part of the caution around tools that can control your computer directly, because convenience rises along with the potential blast radius.
No, this is not a cue to panic
There is a temptation to treat every story like this as proof that AI is either magic or menace. Real life is usually less dramatic. Most users will not wake up to find a chatbot secretly plotting against them. But plenty of people will bump into smaller problems caused by tools that sound confident, act quickly and are given too much room to improvise. That is the more believable warning here.
The interesting part of this story is that UK-backed researchers are trying to track those incidents in the real world rather than waiting for perfect evidence from lab tests. That seems sensible. For ordinary readers, the takeaway is simpler still: if an AI can click, send, buy, archive or delete, treat it less like a magical brain and more like a very fast trainee. Helpful, often impressive, sometimes worth using — but not someone you leave unsupervised with the keys.
Sources:
Centre for Long-Term Resilience — The Loss of Control Observatory: a prototype to detect real-world AI control incidents
The Guardian — Number of AI chatbots ignoring human instructions increasing, study says
