Onpode
Cover art for AI-generated workflows are automating tasks successfully — but teams can't see how or why

AI-generated workflows are automating tasks successfully — but teams can't see how or why

June 30, 2026 · 7 min

Spuds Oxley & Hope Sterling

An analysis of 847 AI agent deployments in 2026 found 76% failed in production, while 1.5 million corporate AI agents run with no monitoring or audit trail. Security experts say the problem isn't broken AI — it's AI that appears to work but whose decisions no one can inspect or explain.

Security researchers and industry analysts are raising alarms about a growing "comprehension gap" in enterprise AI deployments: automated workflows that produce useful outputs while remaining opaque to the humans nominally overseeing them.

0:007:00
Make your own on Onpode

Describe any topic. Hear it in minutes.

About this episode

AI-generated workflows are completing tasks, filing clean audits, and raising no alarms. That's the problem. This episode works through a genuinely unsettling gap: automation that functions, but that no one inside the organization can explain, inspect, or verify. Drawing on a Gravitee analysis of 847 live agent deployments — 76% of which failed in production — and research flagging 1.5 million corporate AI agents running without monitoring or governance, the episode asks what it means to call something a success when nobody can open it up and check. Check Point's Oded Vanunu makes a point that keeps echoing: this isn't a tooling problem that matures away. The architecture itself resists inspection. The episode also takes apart the Trump administration's temporary restrictions on models like Mythos 5 and Fable 5, and why those moves — however they were framed — never touched the actual question of whether the agencies receiving these tools can audit what they do. The harder consequence, raised by Sharon Goldman, is that restricting governed models just pushes organizations toward less traceable alternatives. What the episode leaves you with isn't panic. It's a single, unresolved question about what trust actually means when the silence is indistinguishable from safety.

Frequently asked

Why are AI-generated workflows considered a security risk if they're working correctly?

AI-generated workflows are a security risk precisely because they appear to work — no one can inspect how or why. Oded Vanunu of Check Point Software has said security tools are architecturally blind to these systems: they cannot understand or control AI-driven automation even when it runs without visible errors.

How many AI agents are running in enterprises without oversight?

Research cited by Gravitee identified 1.5 million corporate AI agents deployed with no monitoring, no governance, and no audit trail. A separate analysis of 847 agent deployments in 2026 found 76% failed in production in live environments, including Microsoft 365, where AI automation granted excessive permissions unchecked.

Is cybersecurity AI actually autonomous or does it still need human oversight?

Much cybersecurity AI marketed as fully autonomous is actually semi-autonomous and still requires human judgment at critical decision points, according to arXiv research from June 2025. The mislabeling is consequential: because the systems are labeled autonomous, organizations remove human oversight at exactly the moments it is most needed.

Did U.S. government restrictions on AI models like Mythos 5 address the security comprehension gap?

U.S. government restrictions on models including Mythos 5 and Fable 5 did not address the security comprehension gap. Mythos 5 was later distributed to over 100 U.S. agencies without any mechanism for those agencies to audit what it was doing inside their systems. The restrictions controlled access, not transparency.

Why is the 76% AI agent failure rate probably an undercount?

The 76% production failure rate for AI agent deployments in 2026 counts only failures that were reported. Organizations that quietly buried broken deployments — because admitting to leadership that they had lost visibility into their own security systems carried its own reputational risk — are not reflected in that figure, making the real count likely higher.

Grounded in 10 sources
Bridging the Gap between Network Security and AI-Driven Threat Detection · doi.org
AI-Driven Observability for Managing Security Complexity in Cloud-native Microservices and Containerized Environments · doi.org
Trump administration asks OpenAI to limit next model release over security concerns - Axios · axios.com
White House asks OpenAI to limit its next model release - CNN · cnn.com
Anthropic Gets US Government's Permission To Redeploy Its Mythos Cybersecurity AI Model · engadget.com
Trump administration releases Anthropic Mythos to be used by more than 100 US companies, agencies | TechCrunch · techcrunch.com
It’s not about Anthropic vs. OpenAI anymore - TechCrunch · techcrunch.com
The White House is asking OpenAI to slow roll the release of its new model over safety concerns - TechCrunch · techcrunch.com
OpenAI limits GPT-5.6 rollout after government request, says restrictions shouldn’t be the norm | TechCrunch · techcrunch.com
Anthropic’s Mythos mess is only getting worse - The Verge · theverge.com
Read transcript

Hope Sterling: Hey — tell me you saw the Dark Reading piece, because I've been sitting with it since yesterday and I genuinely don't know how to feel.

Spuds Oxley: I did. Read it twice.

Hope Sterling: Twice — yeah, that tracks. Because the framing is — it's not 'AI is broken,' it's 'AI is working and nobody knows why or how,' and that's like, that's the thing that got me. Automation that works, but that no one understands.

Spuds Oxley: Well, and then you layer in what Gravitee found — 1.5 million corporate AI agents, no monitoring, no governance, no audit trail — and that framing gets teeth.

Hope Sterling: Stop. One point five million.

Spuds Oxley: And an analysis of 847 agent deployments in 2026 found 76% failed in production. Real data. Real consequences. Not sandboxed simulations — actual live environments, including Microsoft 365, where you've got AI-driven automation handing out excessive permissions and nobody flagging it.

Hope Sterling: And Oded Vanunu at Check Point Software basically confirmed it — security tools are blind to this. Can't understand it, can't control it. So three out of four deployments are failing, a million and a half are unwatched, and the watchdogs can't see either. That's — I mean, what are we even calling success here?

Spuds Oxley: Think about a smoke detector that beeps green all night. If it works, great. But if you can't open it up and check whether it's actually sensing smoke or just blinking on a timer — do you feel safe?

Hope Sterling: Oh that's — yeah. That's the thing exactly.

Spuds Oxley: That's where we are. And what Oded Vanunu is actually saying — when you sit with it — he's not saying Check Point is behind and they'll catch up. He's saying the architecture itself resists inspection. The comprehension gap isn't a bug. It's baked in.

Hope Sterling: Wait, so it's not — like, it won't just get better when the tools mature?

Spuds Oxley: That's the new part. And there's something that compounds it — arXiv research from June 2025 found that a lot of what's being sold as fully autonomous cybersecurity AI is actually semi-autonomous. Still needs a human at the critical decision points. But it's labeled autonomous, so... nobody puts a human there. The mislabeling isn't a marketing fib. It's a design choice that removes oversight at exactly the moment you need it most.

Hope Sterling: Okay that is genuinely — I mean, that's not a transparency problem, that's like, actively removing the safeguard and calling it a feature?

Spuds Oxley: And then the 76% number. That only counts the failures someone admitted to. The organizations that quietly buried a broken deployment because — well, because telling your leadership you've lost visibility into your own security system is its own kind of catastrophe. The real count is probably much darker.

Hope Sterling: Okay but here's the take that's been circulating that I cannot let stand — people are pointing at the Trump administration restricting GPT-5.6, pulling Mythos 5 and Fable 5 for two weeks, and going 'see, the government's doing security work.' That's the story. And I'm like — is it though?

Spuds Oxley: But isn't limiting who touches a black box at least something?

Hope Sterling: That's — I mean, I get why it sounds like something! But walk through what actually happened. Mythos 5 and Fable 5 get yanked. Two weeks later the administration softens, and Mythos 5 goes out to over a hundred U.S. agencies anyway. Nothing — like, literally nothing in that whole saga touched whether those hundred agencies can audit what Mythos 5 is doing inside their systems.

Spuds Oxley: They moved the box. They didn't open it.

Hope Sterling: Yes! And Quinn Slack — Sourcegraph CEO — put this on X and it got hundreds of reposts. He said restricting models is just 'government deciding who gets intelligence.' That 'freedom of intelligence' is the only stable approach. Which, wait — I'm not sure I fully buy the libertarian read on it, but the core point lands.

Spuds Oxley: And there's a harder consequence underneath that. Sharon Goldman flagged it — restricting the auditable frontier models just pushes organizations toward China's open-weights alternatives. Less governed. Even less traceable.

Hope Sterling: So you restricted the problem into a worse problem. And OpenAI even said the restrictions shouldn't become the norm — like their own statement! The comprehension gap is completely intact. Nobody touched it.

Spuds Oxley: You know what question I keep turning over — and I don't have an answer for it. If your AI security system ran perfectly for six months. No alerts, no breaches, clean audits every single time. Would you trust it more than a system that failed in ways you could actually see and explain? Because Dark Reading's whole framing — automation that works, but that no one understands — that's not a warning about broken systems. It's a warning about the ones that seem to be running fine. And nobody in that whole sequence, not the Trump administration pulling Mythos 5, not OpenAI restricting Sol and the rest of the GPT-5.6 lineup to trusted partners — nobody asked whether access comes with comprehension. That question is just... still out there.

Hope Sterling: The six months of perfect — I think that might actually be scarier. Like, I don't know, the silence would get to me more than the failure would.

Spuds Oxley: Truth is, I think that's where we are. Sitting with that.