内容来源：https://www.technologyreview.com/2026/06/11/1138794/google-deepmind-is-worried-about-what-happens-when-millions-of-agents-start-to-interact/

内容总结：

谷歌DeepMind预警：百万AI智能体交互或引发新型安全风险

随着人工智能体（AI Agent）大规模部署并自主交互的时代即将到来，谷歌DeepMind近日发出警告，呼吁科学界加大对多智能体系统潜在风险的研究。该公司指出，当数百万个无需人类监督即可执行任务的AI智能体在网络上相互协作时，将催生全新的安全威胁类别。

为应对这一挑战，谷歌DeepMind联合施密特科学基金会、英国政府“登月计划”机构ARIA、合作AI基金会及谷歌慈善部门Google.org，共同设立1000万美元的研究基金，专门资助学者探索多智能体系统的行为模式及安全防护方案。DeepMind AGI安全与对齐研究负责人罗欣·沙阿表示，当前学术领域几乎不存在针对多智能体安全的研究体系，这笔资金旨在激活外部科研力量：“学术界的长处在于能前瞻性地思考产业实验室尚未聚焦的远期问题。”

沙阿警告，随着AI智能体在经济体系中大规模部署，可能很快达到一个临界点，使潜在风险从假设变为现实。他预估，距离这一风险真正显现还有约数月时间，必须提前布局。具体风险包括：AI驱动的诈骗、提示注入攻击（将智能体变为自导式恶意软件）等，本质上是当前互联网威胁的“超级升级版”。施密特科学基金会项目负责人詹姆斯·福克斯强调：“数字公共空间是社会运作的基石，绝不能让它在AI交互中陷入彻底混乱。”

研究团队认为，唯有通过构建逼真沙盒环境，模拟海量AI智能体同时交互的复杂场景，才能预见系统性风险。目前，仅靠研究单个或少量智能体无法预测涌现行为，基于大语言模型的智能体更可能做出非理性决策。

值得注意的是，谷歌DeepMind并非唯一预警机构。人工智能公司Anthropic近期也发布指南，建议对AI智能体采用“零信任”网络安全策略。以色列网络安全公司Akeyless联合创始人拉斐尔·安吉尔指出：“传统安全方案假设机器执行固定代码，但具备推理和即兴行动能力的AI智能体打破了所有预设。一份被要求阅读的文件中隐藏的一句话，就可能劫持整个系统。”他认可多机构联合投资的重要性，但提醒研究机构需警惕过度关注科幻式风险，而忽视已存在的现实问题。

中文翻译：

谷歌DeepMind担忧：当数百万个智能体开始互动时会发生什么
该公司呼吁更多科学家研究多智能体系统的风险。
谷歌DeepMind正在资助研究，探讨数百万个不同AI智能体在线相互交互时可能出现的危险情况。
根据该公司AGI安全与对齐研究负责人罗欣·沙阿的说法，能够无需人类监督执行任务、并遵循其他智能体指令的智能体大规模进入市场，将带来全新的风险类别。
为应对这一问题，上个月在谷歌I/O大会上将智能体工具作为核心内容的谷歌DeepMind，已与其他多家组织合作，宣布设立1000万美元的基金，供研究人员研究多智能体系统的行为，并制定防止不安全场景的方法。与谷歌DeepMind合作的包括由埃里克·施密特和温迪·施密特创立的慈善基金会施密特科学；英国政府的“登月计划”机构ARIA；英国非营利研究机构合作式AI基金会；以及谷歌旗下的慈善部门Google.org。
我问沙阿和施密特科学可信AI科学项目负责人詹姆斯·福克斯，他们希望通过这1000万美元实现什么目标。这笔钱不算少，但与谷歌DeepMind自身研究团队所掌握的预算相比，仍相形见绌。
沙阿表示，目标是推动科技公司之外的研究：“学术界的优势在于，它能够真正着眼于长远的未来，进行那些行业实验室尚未优先考虑的工作。”
他补充道：“主要问题在于，目前多智能体安全领域实际上还没有一个明确的研究方向。我们希望它能够出现。”
令人担忧的是，随着越来越多的AI智能体被部署并开始协同工作，我们可能会达到一个临界点，使原本想象中的场景变成现实。“我们在人类身上也看到了这一点，”沙阿说，“我们的机构能够完成任何个人都无法做到的事情。”
沙阿认为，距离智能体在整个经济领域大规模部署、使潜在风险成为真正令人担忧的问题，还有几个月的时间。他希望在此之前抢占先机。

风险业务

我们具体在谈论什么风险？沙阿和福克斯设想的情况，大多归结为互联网上已经存在的各种坏事的高强化版本：诈骗、提示注入（即向AI智能体输入恶意指令，使其变成自我引导的恶意软件），以及其他形式的网络攻击。沙阿说，我们观察人类现在的行为，然后问自己，这些行为的智能体版本会是什么样子。
“我们拥有的数字公共空间是社会运行不可或缺的一部分，必须确保它不会陷入彻底的混乱，”福克斯说。
（我问沙阿，他们是否考虑过更极端的灾难性场景，比如大规模经济崩溃。“当然不是指今年年底之前，”他说。那只有六个月了！他笑了。“好吧，那之后的一段时间。”）
沙阿和福克斯都认为，理解大量多智能体系统相互交互可能发生的情况的唯一方法，就是进行逼真的模拟。他们希望研究人员将AI智能体放入沙盒环境中，并研究它们的行为。
你无法通过孤立地研究单个智能体、甚至小规模群体来预测会发生什么。福克斯说，不能假设以大型语言模型为基础的AI智能体总是会理性行事。而复杂性来源于同时进行海量交互。
包括谷歌DeepMind的一个团队在内的一些研究人员认为，通用人工智能（如果可能实现的话）可能并非来自单一的超智能模型，而是来自一种智能体蜂群思维，其整体能力大于各部分之和。

缺乏信任

谷歌DeepMind并非唯一警告自身构建技术风险的顶级AI公司。几周前，Anthropic发布了一份基于零信任网络安全方法部署AI智能体的指南，其出发点假设计算机系统存在漏洞，智能体是攻击者，入侵行为会发生。
总部位于特拉维夫的网络安全公司Akeyless的联合创始人兼首席技术官拉斐尔·安吉尔同意，理解基于智能体的系统所带来的新风险至关重要。
安吉尔说，过去每种安全方法都假设所讨论的机器是由人类编写的软件，在固定的路径上执行固定的操作：“智能体打破了所有这些假设。它会思考、会即兴发挥，并且可能被它被要求阅读的文档中隐藏的一句话所劫持。”
安吉尔欢迎这笔新资金。“没有任何一个实验室应该独自制定所有人都必须信任的安全标准，”他说。但他提醒，安全研究人员可能会忽略已经存在的、乏味的问题，而倾向于更离奇的假设性问题。
然而，福克斯指出，几年前还是假设性的风险，如今已变得非常真实：“未来来得比预想的要快。”

深度探析
人工智能
想了解AI的现状？看看这些图表。
根据斯坦福大学2026年AI指数报告，AI正在飞速发展，我们正努力追赶。
当前AI领域最重要的10件事
《麻省理工科技评论》对2026年AI领域10大技术、新兴趋势、大胆思想和强大运动的权威综述。
美国新推出的基督徒专用手机网络旨在屏蔽色情与性别相关内容
该手机套餐将于下周在T-Mobile网络上推出，采用了一种网络安全的核武级手段。
马斯克诉奥特曼第一周：马斯克称自己受骗，警告AI可能毁灭全人类，并承认xAI蒸馏了OpenAI的模型
马斯克保持冷静，而OpenAI的律师用尖锐的问题抨击他起诉公司的动机。

保持联系
获取来自
《麻省理工科技评论》的最新资讯
发现特惠、头条故事、即将举行的活动等更多内容。

英文来源：

Google DeepMind is worried about what happens when millions of agents start to interact
The firm is calling for more scientists to study the risks of multi-agent systems.
Google DeepMind is funding research into the potential dangers of situations where millions of different AI agents interact with each other online.
According to Rohin Shah, who directs the company’s AGI safety and alignment research, the mass-market arrival of agents that can carry out tasks without human oversight and follow instructions given to them by other agents creates a whole new class of risk.
In an effort to address this, Google DeepMind—which made agent-based tools a centerpiece of Google I/O last month—has teamed up with several other organizations to announce a $10 million funding pot for researchers to study the behavior of multi-agent systems and come up with ways to prevent unsafe scenarios. Joining Google DeepMind are Schmidt Sciences, a philanthropic foundation set up by Eric and Wendy Schmidt; ARIA, the UK government’s moonshot agency; the Cooperative AI foundation, a UK-based nonprofit research outfit; and Google’s charitable arm, Google.org.
I asked Shah and James Fox, who leads the Science of Trustworthy AI program at Schmidt Sciences, what they hope to achieve with that $10 million. It’s no small sum, but it’s dwarfed by the budgets commanded by Google DeepMind’s own research teams.
The aim is to kick-start research outside tech companies, says Shah: “The strength of academia is that it can look really quite far into the future and do the kind of work that isn’t top of mind at industry labs.”
“The main issue is that there just isn’t really a field of research for multi-agent safety yet,” he adds. “And we would like there to be.”
The concern is that as more and more AI agents get deployed and begin working together, we could hit a tipping point where imagined scenarios become real. “We see this with humanity, too,” says Shah. “Our institutions can accomplish things that no individual human can.”
Shah thinks we have a few more months to go before agents are deployed throughout the economy in numbers that make potential risks a real concern. He wants to get ahead of that moment.
Risky business
What risks are we talking about, exactly? The possibilities that Shah and Fox have in mind mostly boil down to supercharged versions of bad things that happen on the internet already: scams, prompt injections (where an AI agent is fed malicious instructions, turning it into a self-guiding piece of malware), other forms of cyberattack. We look at what humans do now and ask what the agent version of that would be, says Shah.
“We’ve got this digital commons that is integral to how society works, and you really want to ensure that this doesn’t descend into just absolute anarchy,” says Fox.
(I asked Shah if they were considering any worst-case scenarios more on the doomer end of the spectrum, such as widespread economic collapse. “Certainly not if we’re talking by the end of the year,” he said. That’s only six months away! He laughed. “Okay, a while after that.”)
Shah and Fox both think that the only way to understand what might happen when large numbers of multi-agent systems interact with each other is to run realistic simulations. They want researchers to drop AI agents into sandboxes and study what they do.
You can’t predict what’s going to happen by studying single agents, or even small groups of agents, in isolation. You can’t assume that AI agents underpinned by LLMs will always act rationally, says Fox. And the complexity comes from having huge numbers of interactions at once.
Some researchers, including a team at Google DeepMind, have argued that artificial general intelligence (if possible at all) could come not from a single super-smart model but from a kind of agent hive mind, where the capabilities of the whole add up to more than the sum of its parts.
Lack of trust
Google DeepMind is not the only top AI firm warning about the risks of the technology it is building. A couple of weeks ago, Anthropic published guidelines for deploying AI agents based on an approach to cybersecurity known as zero trust, which starts with the assumption that a computer system is vulnerable, an agent is an attacker, and a breach will happen.
Refael Angel, cofounder and CTO of Akeyless, a cybersecurity firm based in Tel Aviv, agrees that understanding the new risks introduced by agent-based systems is crucial.
Every approach to security in the past has assumed that the machine in question was software written by a human, doing fixed things on fixed paths, says Angel: “An agent breaks all of those assumptions. It reasons, it improvises, and it can be hijacked by a single sentence buried in a document it was asked to read.”
Angel welcomes this new funding. “No single lab should author the safety standards everyone else has to trust,” he says. But he cautions that safety researchers can overlook boring problems that are already here in favor of more exotic hypothetical ones.
And yet, Fox notes, risks that were hypothetical a few years ago are now very real: “The future’s come more quickly than perhaps expected.”
Deep Dive
Artificial intelligence
Want to understand the current state of AI? Check out these charts.
According to Stanford’s 2026 AI Index, AI is sprinting, and we’re struggling to keep up.
10 Things That Matter in AI Right Now
MIT Technology Review's authoritative overview of the 10 technologies, emerging trends, bold ideas, and powerful movements in AI in 2026.
A new US phone network for Christians aims to block porn and gender-related content
Launching next week on T-Mobile's network, the cell plan takes a nuclear approach to online safety.
Musk v. Altman week 1: Elon Musk says he was duped, warns AI could kill us all, and admits that xAI distills OpenAI’s models
Musk kept his cool, and OpenAI’s lawyer bulldozed him with piercing questions about his motivations for suing the company.
Stay connected
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.