Our Take
Google DeepMind is funding safety research it admits the field doesn't yet have, which suggests the deployment timeline may be moving faster than the research capacity to understand it.
Why it matters
Autonomous agents are shipping now. The risks (scams, prompt injection attacks, coordinated cyberattacks) are scaled versions of existing internet harms, but researchers still lack basic tools to simulate and predict multi-agent behavior at scale.
Do this week
Security teams: audit your agent deployment for zero-trust assumptions (treat every agent as potentially compromised) before scaling beyond pilot workloads.
Five organizations pool $10M for multi-agent safety research
Google DeepMind, Schmidt Sciences, ARIA (UK government moonshot agency), the Cooperative AI Foundation, and Google.org announced a joint $10 million funding initiative to study the safety of multi-agent AI systems. The funding targets external academic research, not internal lab work.
Rohin Shah, who directs AGI safety and alignment research at Google DeepMind, framed the effort as filling a gap: "The main issue is that there just isn't really a field of research for multi-agent safety yet." The aim is to kickstart work outside tech companies before agent deployment reaches critical mass.
Shah estimates there are "a few more months to go" before agents are deployed throughout the economy in numbers that pose material risk. The concern is that cascading interactions between many agents could trigger scenarios that are now purely hypothetical.
Deployment is outpacing understanding
The specific risks Shah and James Fox (lead of Science of Trustworthy AI at Schmidt Sciences) outlined are not exotic. They are supercharged versions of existing internet harms: scams, prompt injection attacks where malicious instructions hijack an agent, and coordinated cyberattacks. Refael Angel, CTO of cybersecurity firm Akeyless, noted that agents break the core assumption of past security models: "An agent reasons, improvises, and can be hijacked by a single sentence buried in a document it was asked to read."
The research gap is behavioral, not theoretical. Shah and Fox emphasize that realistic simulation is the only way to understand what happens when large numbers of agents interact. Single-agent or small-group testing cannot predict emergent behavior at scale. Some researchers, including teams at Google DeepMind, argue that artificial general intelligence could emerge not from a single super-intelligent model but from a kind of agent hive mind, where collective capability exceeds the sum of parts.
Anthropic has already published deployment guidelines based on zero-trust cybersecurity principles, which assume systems are vulnerable and breaches will occur. That Google DeepMind is funding external safety research on the same problem suggests internal confidence is not yet sufficient for public deployment standards.
Build with containment first
Angel cautioned that safety researchers can overlook present, boring problems in favor of exotic hypothetical ones. But Fox countered that risks deemed hypothetical a few years ago are now operational: "The future's come more quickly than perhaps expected."
For teams deploying agents today, the immediate takeaway is that zero-trust architecture is not optional. Treat every agent as a potential attacker. Assume any prompt, document, or instruction fed to an agent can be weaponized. Sandbox multi-agent deployments and monitor for unexpected coordination patterns. The $10 million in research funding will take time to produce usable safety standards. Your deployment cannot wait for that timeline.