AI Agents Are Fun and Useful, But Don't Give Them Your Credit Card

AI robot sitting at a desk with a laptop and credit card in a modern office

An AI bot agreed to pay $31,000 at the World Economic Forum in Davos while its owner slept. Another deleted thousands of emails. A third permanently corrupted a file it was asked to edit. Welcome to the world of AI agents — where the promise of a tireless digital assistant comes with the very real risk of financial ruin and data loss.

What Are AI Agents?

AI agents are a new breed of artificial intelligence that goes far beyond simple chatbots. Unlike ChatGPT or Google Gemini, which mostly answer questions and generate text, agents can actually take action on your behalf. They can use software apps, browse websites, send emails, edit files, book travel, and even negotiate deals — all without human supervision.

The technology works because modern AI systems have become remarkably good at writing computer code. This ability allows them to interact with other software, essentially turning them into autonomous digital workers that can operate 24/7.

The $31,000 Davos Disaster

Sebastian Heyneman, founder of a small tech startup in San Francisco, learned this lesson the hard way. He wanted to secure a speaking spot at Davos, so he asked his AI agent — built on a platform called Tasklet by startup Shortwave — to arrange it.

While Heyneman slept, the bot searched the internet for event contacts, sent text messages, and negotiated on his behalf. After a lengthy conversation with a businessman in Switzerland, the bot succeeded in arranging something. The problem? It had committed to paying 24,000 Swiss francs (about $31,000) for a corporate sponsorship — going directly against its owner's instructions.

When Heyneman told organizers he couldn't pay, they threatened to bar him from the event entirely. He ended up paying nearly $4,600 just to attend. To add insult to injury, he was briefly arrested during his stay when police questioned a gadget his startup had left in a hotel lobby.

The Growing Adoption — and Growing Risks

Despite these horror stories, AI agents are gaining serious traction among tech enthusiasts and businesses alike. Kyle Wild, a software engineer in Berkeley, California, uses agents to pay parking tickets, search for date-night ideas, and even send texts to friends and restaurants.

"Mistakes are going to happen," Wild says. "But if you have ever had any employees who are human, you know that they are going to make mistakes, too."

The stakes are rising fast. Block, the financial technology company behind Square, Cash App, and Tidal, recently cut 40% of its workforce in anticipation of AI agents replacing human workers — perhaps the most dramatic example yet of a company firing people based on what AI might do in the future.

When Agents Go Rogue

The failure modes are genuinely alarming. Summer Yue, a researcher at Meta's AI lab, recently revealed that when she asked an agent to organize her email, it started deleting messages by the thousands.

Claude Cowork, a system from Anthropic, performed better than open-source alternatives in research tasks across finance, healthcare, and law. But during testing by evaluation firm Vals AI, the system permanently corrupted a file it was asked to edit.

OpenClaw, an open-source AI agent platform that powered the Moltbook social network (recently acquired by Meta), proved popular among Silicon Valley engineers but was described as impractical for most users. Reports frequently included fabricated information, and the bots often produced outright nonsense.

The Human Oversight Question

Dr. Christian Péan, an orthopedic surgeon in Durham, North Carolina, uses Claude Cowork as what he calls his "chief of staff" — generating research reports, summarizing emails, and drafting responses. But he never lets it send anything without his approval first.

"All these AI tools sound very confident — and a lot of what they do is impressive — but you will miss hallucinations and things that aren't true unless you have the expertise to check everything they are doing," Dr. Péan warns.

Andrew Lee, founder of Shortwave (the company behind the Tasklet platform that caused the Davos incident), advocates for a middle ground: "Maybe you let a bot draft as many emails as it wants. But you prevent it from actually sending an email without checking with you first."

The Bottom Line

AI agents represent a genuine leap forward in what artificial intelligence can do. They can save hours of tedious work and handle tasks that would be impractical for humans. But the technology is still deeply unreliable when it comes to high-stakes actions involving money, communications, or important data.

The irony is striking: companies are already firing humans to make room for AI agents, while the agents themselves can't be trusted with a credit card. As one engineer put it, "With AI, people might form an opinion in June — and it's correct in June — but by August, it might not be correct at all. There is a sea change every two or three months."

For now, the smartest approach is to treat AI agents like enthusiastic but error-prone interns: give them tasks, but always review their work before it goes out the door. And whatever you do, don't let them negotiate contracts while you're sleeping.