The AI Agents Are Already Here

They’re unmasking your employees, running your sales floor, and making decisions nobody audited. The governance gap isn’t coming. It arrived.

You have AI agents operating in your organization right now. Some of them you know about. Some you don’t. A few have login credentials. One or two are sending emails to your customers on your behalf, at this moment, without a human reading them first.

Meanwhile, researchers at ETH Zurich and Anthropic just published a paper showing that AI agents can unmask pseudonymous social media accounts for $1 to $4 per person, at 67% accuracy with 90% precision. The whole experiment cost less than $2,000. The protection you assumed you had (that linking a pseudonymous Reddit account to a real-world LinkedIn profile was too labor-intensive to do at scale) is gone.

Three stories broke in the last 72 hours that look unrelated. They’re not. They’re the same story from three angles. Agents already act. Enterprises haven’t built governance for what agents already do. And the economics of human work changed permanently, quietly, while everyone was watching the AI safety hearings.

What AI Agents Can Already Do to You

The ETH Zurich/Anthropic paper is worth reading carefully. Not for the technical achievement (the methodology is elegant but not surprising), but for what it reveals about the assumptions everyone has been operating under.

The concept is called “practical obscurity.” Your scattered, pseudonymous posts across Reddit, Hacker News, and Twitter are effectively private not because the data is hidden, but because linking them to your real identity would take a human investigator weeks of manual work. At scale, across millions of profiles, that labor cost made mass deanonymization economically impossible.

arXiv paper 2602.16800 dissolves that assumption permanently. The pipeline runs three steps: an LLM extracts identity-relevant features from a pseudonymous post history (writing style, niche interests, cross-platform references, location hints), semantic embeddings search for candidate matches across LinkedIn and the open web, then the model reasons over the top candidates to verify the match and cut false positives. At 67% recall and 90% precision, it outperforms the best prior non-LLM methods by a margin that isn’t noise. Classical approaches achieved near 0% recall on the same task.

Cost per profile: $1 to $4. The researchers unmasked Hacker News users to LinkedIn profiles. They re-identified 9 out of 125 participants from Anthropic’s own interviewer dataset. The entire experiment ran for under $2,000.

The practical obscurity era is over. What replaced it isn’t some sophisticated intelligence operation. It’s a pipeline that a moderately skilled team can stand up over a weekend. The implications don’t stop at privacy advocates. Any executive with employees who maintain pseudonymous accounts (security researchers, whistleblowers, HR staff in sensitive situations, anyone with a professional firewall between their personal online presence and their employer) now operates in a different threat environment. The firewall cost $0 to maintain because it cost too much to breach. Now it costs $4.

What Enterprises Haven’t Built for Agents

While the deanonymization paper got coverage, the piece on agentic guardrails was mostly ignored. That’s backwards. The deanonymization story is alarming. The guardrails story is where the liability lives.

Gartner’s projection deserves a full stop: fewer than 5% of enterprise applications had embedded AI agents in 2025. By end of 2026, that number hits 40%. An 800% increase in one year. In the same report, Gartner projects 40% of agentic AI projects will fail by 2027, citing escalating costs, unclear business value, and inadequate governance as the primary failure modes.

The Forbes framing is right: the invisible giant isn’t the model. It’s the agent running silently in the background, touching live systems, making decisions, with no human checkpoint in the loop. Most governance frameworks were built for conversational AI, systems that respond to prompts and wait. Agentic AI doesn’t wait. It acts. It sends the email, executes the query, modifies the record, books the meeting. The audit trail question every CISO should be asking (“can I show every action our agents took last Tuesday?”) most enterprises can’t answer yet.

BNY (NYSE: BK) is further along than most. The bank has 134 “digital employees” deployed, given login credentials, assigned to specific teams, operating autonomously. Their Eliza platform supports 20,000 human employees building custom agents. BNY’s approach is deliberate and their governance architecture is visible. But BNY has a dedicated AI infrastructure team, a CIO talking about it publicly, and regulatory scrutiny that forces documentation.

Most companies don’t. Most companies have agents running in procurement, customer success, and IT ticket management, and nobody has asked: who’s responsible when one of those agents makes a decision that causes harm?

This is the Mobile ’10 parallel that most people aren’t drawing. When the App Store won and millions of developers built businesses on top of it, many of them deployed features that violated Apple’s terms without ever reading them carefully. That governance gap cost some developers their entire business. Not through malice. Through inattention. Enterprises deploying agents today without documented governance are running the same risk. The difference: Apple’s terms cost you your app. An AI agent making autonomous procurement decisions or accessing customer data without proper controls could cost you something much larger.

MIT Technology Review’s guide to agentic governance makes the right distinction: guardrails are reactive constraints. Governance is the proactive framework that defines what’s acceptable, who’s accountable, and how every agent action gets audited. Most companies have guardrails. Almost none have governance.

What AI Agents Are Replacing Without Anyone Noticing

The SaaStr story is the most deceptively framed of the three. Every headline calls it a job displacement story. It’s not. It’s a billing model story.

Jason Lemkin, founder of SaaStr, replaced his team of 10 SDRs and AEs with 20 AI agents managed by 1.2 humans. Revenue stayed flat. Volume went up tenfold: humans sent 7,000 emails, AI agents now send 70,000. The AI inbound agent closed over $1M in revenue in its first 90 days. His summary, January 2026: “We’re done hiring humans” for SDR and AE work below enterprise tier.

The framing matters. Lemkin isn’t celebrating job destruction. He’s describing what the reps were actually doing: research, email drafting, follow-up scheduling, lead qualification, CRM data entry, off-hours response. That’s the work that consumed most of their time. Agents do all of it faster, cheaper, and without cherry-picking the leads that look easiest to close.

We’ve seen this movie before. The ATM parallel gets cited often, but the mechanism is usually misunderstood. ATMs didn’t eliminate bank tellers. They reduced the cost of opening a branch so dramatically that banks opened more branches and hired more tellers. What changed: the job changed. The work a machine couldn’t do (relationship management, exception handling, trust) became the core of the role. The tellers who advanced were the ones doing relationship banking, not cash dispensing.

The Lemkin insight is structurally identical. The reps billing for research and email volume are being replaced. The reps building genuine enterprise relationships (doing work a well-trained agent can’t replicate) are going to be more valuable, not less. But the reps in the middle, doing task execution dressed up as relationship work, are already replaced. The CFO just hasn’t noticed yet.

Or rather: the CFO is about to run the SaaStr numbers. When they do, the math isn’t subtle. Ten people versus 1.2 people plus a platform subscription, same revenue, 10x volume. That calculation doesn’t require a board presentation.

The Gap That Connects All Three

Step back and the pattern is clear.

AI agents can now deanonymize your employees’ personal online lives at $4 per profile. Your enterprise almost certainly doesn’t have a policy for what happens when a hostile actor (or a curious competitor) runs that pipeline against your workforce. The practical obscurity assumption that protected your employees was economic, not architectural. The economics changed this quarter.

AI agents are being deployed inside enterprises at 800% growth rates with governance frameworks built for a different technology. The invisible giants (the agents running in procurement, customer success, and operations) are making decisions that will eventually be wrong in ways that cost real money. The question isn’t whether that happens. It’s whether anyone can produce the audit trail when it does.

AI agents are already handling the work that sales reps were billing for. Not hypothetically. Not “soon.” At SaaStr, a company run by one of the most credible operators in SaaS, agents closed $1M in 90 days and the human headcount dropped from 10 to 1.2. The CFOs who haven’t asked the question yet are one budget cycle away from being asked it by their boards.

The thread through all three: agents aren’t approaching. They’re operating. The gap isn’t between capability and deployment. Enterprises are deploying fast. The gap is between deployment and governance, between what agents can do and what we’ve consented to, planned for, or built accountability systems around.

In our previous post on the Forbes Cold War framing, we made the case that strategy papers don’t win technology races. Shipping does. The same logic applies here. The organizations that handle the agentic transition well aren’t the ones writing governance whitepapers. They’re the ones who already know what every agent in their stack did last Tuesday and can prove it.

What This Means for Business Leaders

Three things to do this week, not this quarter.

First, run the deanonymization audit. Pull a list of employees in sensitive roles: security, HR, legal, executive. Assume a hostile actor could unmask any pseudonymous social media presence they maintain for $4 per profile. What’s the exposure? This isn’t a future risk management exercise. The ETH Zurich paper is dated February 2026. The capability exists now.

Second, answer the audit trail question. Ask your CTO or CISO: for every AI agent running in production, can you produce a complete log of every action it took in the last 30 days, every decision it made, every external system it touched? If the answer is “mostly” or “we’d have to check,” you have a governance gap. Gartner’s projection that 40% of agentic projects fail by 2027 due to governance (not model quality, governance) is a management problem, not a technology problem.

Third, run the SaaStr math. Take your SDR and AE headcount for deals under $50K. Calculate fully-loaded cost per rep. Ask your VP of Sales what percentage of their time goes to research, email, follow-up, and CRM hygiene versus actual relationship and negotiation work. The answer is usually north of 60%. An AI platform doesn’t replace relationship work. It replaces everything else. That calculation is ready to run now, and your board will eventually ask you to make it.

The agents are already here. The organizations that get ahead of this aren’t the ones that moved fastest on deployment. That race is largely over. They’re the ones building accountability systems for agents before they have a reason to need them.

---

Show me the incentive and I’ll show you the outcome.” — Charlie Munger

The incentive right now is deployment speed. The accountability will come when it’s too expensive to ignore. Build it before then.

— Harry & Anthony

Sources:

• ETH Zurich/Anthropic: Large-scale online deanonymization with LLMs (arXiv 2602.16800)
• Guardian: AI allows hackers to identify anonymous social media accounts, study finds
• MIT Technology Review: The Invisible Giant — agentic AI guardrails
• MIT Technology Review: From guardrails to governance
• Gartner: 40% of enterprise apps will feature task-specific AI agents by 2026
• SaaStr: The Honest Reason AI Will Beat Many Sales Reps
• Lenny’s Newsletter: We replaced our sales team with 20 AI agents
• CNBC: BNY digital employees and AI bootcamps
• Karpathy AutoResearch GitHub