Google DeepMind is funding outside researchers to study what happens when AI agents start interacting with each other at scale. The pot: $10 million. The timeline for the problem becoming real: a few more months, according to DeepMind researcher Shah.

What the Money Is For

The initiative targets multi-agent safety as a "nascent field" -- meaning most of the research so far has been done inside tech companies with obvious incentives to downplay risks.

Partners include Schmidt Sciences, ARIA (the UK government's moonshot agency), the Cooperative AI Foundation, and Google.org. The research methodology involves running large-scale sandboxed simulations with many AI agents to study emergent behavior before it shows up in production.

The timing is notable. Google made agent-based tools a centerpiece of Google I/O in May 2026. The safety funding came shortly after.

The Identified Risks

Three categories surface in DeepMind's framing: scams, prompt injections, and cyberattacks.

The prompt injection concern is worth unpacking. The scenario is an AI agent receiving malicious instructions embedded in data it processes, then acting on those instructions autonomously. The agent becomes, as researchers describe it, "self-guiding malware." The agent doesn't know it's been hijacked. Neither does the user.

The underlying problem: LLM-backed agents cannot be assumed to always act rationally. Add millions of them interacting, and emergent complexity becomes hard to predict or control.

A Separate Framing Worth Noting

Some Google DeepMind researchers have argued that AGI might not arrive via a single super-smart model. The alternative: a multi-agent hive mind where collective behavior produces capabilities that no individual model possesses. That framing makes the safety research feel less like a liability hedge and more like preparation for something the researchers genuinely think is coming.

Anthropic published guidelines for deploying AI agents based on a zero-trust cybersecurity approach. The basic idea: treat every agent interaction as potentially compromised, verify continuously, grant minimal permissions. Standard security practice applied to a new threat surface.

What This Suggests

The $10 million is not large relative to what these organizations spend on capability research. What it signals is that the safety field for multi-agent systems is early enough that outside researchers haven't been working on it systematically.

Shah's "few more months" estimate for meaningful deployment scale is an unusually specific public claim from someone inside one of the companies building these systems. Either the timeline is accurate and the research funding is late, or it is conservative and there is more runway than it suggests.

Either way, the sandboxed simulations are the right methodology. The alternative is studying emergent behavior after it has already emerged in production.

Source: Technologyreview

Related Articles

• OpenAI Adds Sandboxing to Agents SDK for Controlled Agent Workspaces
• ChatGPT's Lockdown Mode Cuts Prompt Injection Surface, Not All of It
• Anthropic Ships Opus 4.8, Holds Back Mythos on Security Grounds