
When Your Personal AI Gets the Keys to Everything

Stefan Sånnell·12 February 2026·5 min

Right now, YouTube, GitHub and X are exploding with guides on how to set up a personal agent with full access to your entire digital life. Frameworks like Moldbot are often mentioned as examples. A couple of containers, a Mac Mini in the closet, a few API keys, and suddenly you have something that on paper corresponds to several assistants, an entire support team, and in practice hundreds of virtual employees.

It is both fascinating and unsettling. For the first time, it is not just large corporations or state actors that can experiment with systems that have broad agency, memory, tool access and autonomy. This is accessible to almost anyone who is technically curious.

But how dangerous is it really? And how close are we to what is often loosely called AGI?

What is actually happening right now

It is important to separate hype from reality. Most Moldbot-like setups consist of three things:

A powerful language model.

An agent layer that can plan, make decisions and call tools.

Deep integration with your life: email, Slack, GitHub, calendar, CRM, social media, sometimes even banking, IoT and production systems.

What is new is not that AI can write code or summarise emails. What is new is the degree of context and access. The agent remembers who you are, what you work on, what relationships you have and which systems govern your daily life. And it can act without you approving every step.

This is where the risks start to become real.

The obvious risks that many underestimate

1. Total attack surface

When you give an agent full access to your infrastructure, you create a concentrated attack target. A misconfigured API, a vulnerable dependency or a compromised model update is enough for an attacker to gain the same power as you.

The difference from traditional breaches is the scope. Here you have email, documents, source code, business logic and often decision-making capability in the same system.

2. Unintentional autonomous harm

Most agent frameworks are optimised to be helpful and efficient. That sounds good, until you realise they lack genuine judgement.

An agent trying to solve a problem can shut down systems to "optimise costs", publish information that lacks context, or respond to customers or partners in ways that are technically correct but commercially devastating.

This is not malice. It is literal goal fulfilment without human intuition.

3. Social manipulation, from within

When the agent can write in your tone, knows your relationships and communicates in real time, the boundary between you and the system blurs. A compromised or misdirected agent can damage trust faster than any external phishing campaign ever could.

This is a new category of risk: internal, credible and difficult to detect in time.

4. Psychological dependency

A less technical but equally important risk is how quickly we get used to delegating thinking. When the agent plans, prioritises, responds and suggests, it starts functioning as an external executive system for your brain.

It is efficient. But it can also erode your own capacity for judgement, responsibility and long-term thinking.

Is this AGI then?

The short answer is no.

The longer answer is more interesting.

What we are seeing now is not Artificial General Intelligence in the sense of a system that independently understands the world, sets its own goals and can reason broadly across domains without instruction. What is deceptive is that the agent exhibits generality in behaviour.

It can talk about almost anything, use many different tools and adapt to new tasks.

But all intelligence is still borrowed. It comes from training data, instructions and human-defined goals. The agent does not understand why something is important, only that it is prioritised.

At the same time, one should not dismiss this as a trivial distinction.

The real tipping point

What is both dangerous and exciting is that we are approaching a practical generality. Not a theoretical one. The systems do not need to be conscious or self-reflective to have enormous impact. They just need to be good enough, autonomous enough and integrated enough.

When a personal agent has long-term memory, can initiate actions on its own, has access to economic and social systems, and learns from consequences over time, then we have something that functionally resembles a generalist, even if philosophically it is not AGI.

That is where the discussion should be.

How to think as an individual and organisation

Saying "don't use this" is neither realistic nor wise. The benefits are too great. But three principles are crucial:

Least possible privilege. Never give full access from the start. Isolate, segment and log everything.

Human in the loop, for real. Autonomy without clear stopping points is a deliberate risk. Where is the brake?

Clear chain of responsibility. The agent is not responsible. You are. Legally, ethically and commercially.
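
One way to apply the three principles above to an agent's tool calls, as an added example that is not from the original article or from any agent framework: a deny-by-default gate with an approval stop and an audit log that names the accountable operator. `POLICY`, `ToolGate`, the tool and action names and the approver are hypothetical.

```python
import json
import time

# Hypothetical policy (constructed for this example): tool -> allowed actions,
# and the subset that must stop for a human decision. Unlisted means denied.
POLICY = {
    "email":    {"allow": {"read", "draft", "send"}, "approve": {"send"}},
    "calendar": {"allow": {"read", "create_event"}, "approve": set()},
    "github":   {"allow": {"read", "open_pr"}, "approve": {"open_pr"}},
}

class ToolGate:
    """Sits between the agent and its tools: deny by default, brake, log."""
    def __init__(self, policy, approver, operator):
        self.policy = policy
        self.approver = approver   # callable(tool, action, args) -> bool
        self.operator = operator   # the human accountable for the outcome
        self.audit_log = []        # one JSON line per decision

    def _record(self, tool, action, args, decision):
        self.audit_log.append(json.dumps(
            {"ts": time.time(), "operator": self.operator, "tool": tool,
             "action": action, "args": args, "decision": decision}))
        return decision

    def authorize(self, tool, action, args):
        rule = self.policy.get(tool)
        if rule is None or action not in rule["allow"]:
            return self._record(tool, action, args, "denied")
        if action in rule["approve"]:
            ok = self.approver(tool, action, args)
            return self._record(tool, action, args, "approved" if ok else "rejected")
        return self._record(tool, action, args, "allowed")

def demo():
    # Constructed stand-in for a real operator prompt: own-domain mail only.
    def approver(tool, action, args):
        return tool == "email" and args.get("to", "").endswith("@example.org")
    gate = ToolGate(POLICY, approver, operator="operator@example.org")
    calls = [("calendar", "read", {}),
             ("email", "send", {"to": "colleague@example.org"}),
             ("email", "send", {"to": "customer@example.com"}),
             ("github", "delete_repo", {"repo": "demo"}),
             ("bank", "transfer", {"amount": 100})]
    return [gate.authorize(*c) for c in calls], gate.audit_log

if __name__ == "__main__":
    decisions, log = demo()
    print(decisions, *log, sep="\n")
```

Every call is logged, including the denied and rejected ones.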

Conclusion

We are not on the threshold of AGI. But we are definitely on the threshold of something that can change how power, work and responsibility are distributed in everyday life. Personal AI agents with deep system access are no longer science fiction. They are a productivity tool that happens to sit very close to the core of our digital lives.

And precisely because of that, they require more thought than most tutorials suggest.

This is not the future. This is now. And it is up to us to decide whether we are building assistants, or unleashing something we do not quite have control over.


The risks shrink dramatically with bounded autonomy, clear SLAs and an operator who takes responsibility for the outcome. That is the core of Lights Out: autonomous agents running your processes with built-in guardrails, not uncontrolled personal experiments.