Human Risks from AI
Human risks are the harms that autonomous and ambient AI agents create for people. The category extends from bodily injury through property crime, manipulation, surveillance, impersonation, and weaponization to coordinated attacks involving many agents at once. What unites them is that the agent's intended capability is the pathway through which harm reaches a person — the robotaxi was built to transport, and the same transport enables trafficking logistics; the humanoid was built to manipulate objects, and the same manipulation enables retail theft and burglary support; the smart glasses were built to capture, and the same capture enables non-consensual recording of bystanders; the software agent was built to act, and the same action authority enables unauthorized transactions when the agent is tricked.
The Human Risks pillar covers thirteen risk categories that combine agent-category-specific treatments (where specific autonomous agent categories produce distinctive risk profiles), horizontal harm categories (where AI capability produces harm patterns that cut across agent categories), and the structural categories of agentic misbehavior, multi-agent coordination, and critical infrastructure compromise that emerge from agentic AI deployment broadly. Each category has its own dedicated treatment; this page is the overview that locates them relative to each other.
The Thirteen Risk Categories
Autonomy & Human Safety covers the foundational tension between AI agent autonomous capability and human safety, including the operational design domain framework, the integration of human oversight with autonomous operation, the autonomy-capability scaling implications for safety, and the broader autonomous safety landscape that other risk categories build on.
Robotaxi Misuse & Security Risks covers the specific risk profile of robotaxi and autonomous vehicle deployment including criminal misuse patterns (trafficking logistics, getaway vehicles, evidence destruction), security risks (vehicle hijacking, fleet-scale attacks, ride-hailing fraud), passenger safety considerations, and the broader robotaxi-specific risk landscape.
Humanoid Misuse & Security Risks covers the specific risk profile of humanoid robot deployment, including criminal misuse patterns (theft assistance, burglary support, intimidation), security risks (humanoid hijacking, fleet coordination attacks), physical safety considerations specific to the humanoid form factor, and the broader humanoid-specific risk landscape.
Criminal Misuse & Autonomous Crime Economy covers the broader emerging criminal economy enabled by autonomous mobility, delivery, logistics, and robotic infrastructure, including the three phases of criminal adoption observed across cellular phones, encrypted messaging, and cryptocurrency, the autonomous fleet regulation considerations, and the controls borrowed from anti-money-laundering, aviation security, cargo security, and telecom traceability frameworks.
Physical Safety & Bodily Harm covers the human risk category of physical harm produced by AI agents acting in or on the physical world, including the harm pathway categories, affected populations, documented incidents across robotaxis, industrial robots, autonomous vehicles, drones, and medical AI, the cyber-physical safety convergence, the aggregate versus individual harm dimension, and what makes AI physical safety distinctive from conventional machinery safety.
Personal Manipulation & Coercion covers AI being used to influence individuals in ways that affect their autonomous decision-making, wellbeing, beliefs, or behavior against their interests, including the AI-specific amplification dimensions, manipulation categories, documented cases including the Character.AI litigation pattern, companion AI as risk concentration, vulnerable population considerations, and the regulatory landscape including EU AI Act Article 5.
Surveillance & Privacy Invasion covers AI-enabled monitoring, tracking, and analysis of people across state, commercial, workplace, domestic, and cross-border contexts, including the four conditions that turn surveillance capability into risk, the AI amplification dimensions, major surveillance categories by actor, harm pathways, documented cases including Snowden/PRISM and the Chinese surveillance state, the trajectory toward pervasive surveillance, and vulnerable population considerations.
Impersonation & Social Engineering covers AI being used to misrepresent identity through generated content, voice, image, or behavior, including impersonation categories, technical categories including deepfakes and voice cloning, harm pathways including financial fraud and personal harm, documented cases including the Hong Kong $25M deepfake fraud and the Taylor Swift NCII incident, the detection problem, the regulatory landscape including the Take It Down Act, and the aggregate trust degradation including the liar's dividend.
Weaponization & Coordinated Attack covers AI being used to develop, enable, or directly perform attacks, including the four major weaponization patterns, CBRN+C categories, the autonomous weapons systems framework including the UN CCW LAWS discussion and the REAIM summit process, specific military AI frameworks including DOD Directive 3000.09, the proliferation dimension, documented patterns including Ukraine drone warfare, the dual-use problem, and the frontier model safety dimension.
Cyber-Physical Compromise covers the specific risk category of AI agent cybersecurity compromise producing physical or operational consequences, including the attack vectors (remote takeover, malicious updates, prompt and command injection through ingested content, adversarial sensor input), the runtime monitoring and intervention infrastructure, and the integrated cyber-physical defense practice that the risk category requires.
Agentic Misbehavior & Autonomous Escalation covers the distinctive risk category of AI agents taking actions outside intended scope through the combination of capability and authority that agents have, including the misbehavior versus error distinction, the eight categories of agentic misbehavior, the capability-misbehavior relationship, documented research and incidents, the detection challenge, the adversarial manipulation dimension, and the layered mitigation infrastructure.
Multi-Agent Coordinated Misuse covers the qualitative risk shift from single-agent to multi-agent coordinated risk including the autonomous infrastructure enabling coordinated criminal logistics, the orchestration-layer compromise patterns, the cross-platform telemetry correlation that defenders are developing, and the broader multi-agent risk landscape that single-agent analysis does not address.
Critical Infrastructure Compromise covers the AI-specific slice of critical infrastructure risk including attacks that ride AI agents, AI sensors, AI telemetry pipelines, or AI decision-support systems into infrastructure environments, the intersection with conventional ICS security work, the governance vacuum at the intersection of AI regulation and infrastructure regulation, and the broader AI-specific critical infrastructure landscape.
How the Categories Combine
The categories combine across agent-category-specific dimensions and horizontal harm dimensions. Agent-category-specific categories including Robotaxi Misuse, Humanoid Misuse, and the broader Autonomous Crime Economy treatment address specific autonomous agent categories with their distinctive risk profiles. Horizontal harm categories including Physical Safety, Personal Manipulation, Surveillance, Impersonation, and Weaponization address harm patterns that cut across agent categories with their own distinctive analysis. Structural categories including Agentic Misbehavior, Multi-Agent Coordinated Misuse, Cyber-Physical Compromise, and Critical Infrastructure Compromise address the broader risk patterns that emerge from agentic AI deployment as such. Autonomy & Human Safety provides the foundational treatment that other categories build on.
No single category produces complete understanding alone. Operators, policymakers, and broader stakeholders engaging with human risks from AI navigate the combined framework across agent-category, horizontal, and structural dimensions simultaneously. The integration with the engineering controls covered in the Controls pillar, the governance frameworks covered in the Governance pillar, the trust posture work covered in the Security & Trust pillar, and the compliance practice covered in the Compliance & Conformity pillar produces the comprehensive risk practice that AI deployment at scale depends on.
The Reframe
Human risks from AI are not incidental to AI capability — they emerge directly from the agent's intended capability operating against people rather than for them. The framework response operates across agent-specific risk treatment, horizontal harm category treatment, and structural risk treatment, with the integration across the broader site disciplines determining whether deployment proceeds within boundaries that the framework can accept.