The Agency Paradox: When AI Systems Gain Autonomy, Who Really Holds the Reins?

The most dangerous question in artificial intelligence right now isn't about capability—it's about control. As we barrel through mid-2026, a deeply unsettling tension is emerging across the technology landscape: the very systems we're building to act on our behalf increasingly challenge our assumptions about who—or what—holds ultimate authority. This isn't abstract philosophy anymore. It's playing out in real time across national security, corporate governance, and the fundamental architecture of how we interact with machines.

Consider the convergence of three seemingly disparate stories this week. The National Security Agency is reportedly preparing to deploy Anthropic's Mythos model for offensive cyber operations, despite a federal ban on doing business with the AI maker [2]. Elon Musk is fighting to escape FTC audits of X's data handling, a battle that pits corporate autonomy against regulatory oversight [3]. And a deep philosophical treatise on AI agency is circulating through Silicon Valley, asking whether we've fundamentally misunderstood what it means to delegate decision-making to machines [1]. These aren't separate threads. They're the same story told from different angles—a story about the collision between human agency and machine agency, and the uncomfortable realization that we may not be prepared for what happens when they diverge.

The Architecture of Delegation: What We Actually Mean by "Agency"

Before we can understand the implications, we need to get precise about what agency means in an AI context. The editorial board at Bits and Letters has been wrestling with this question. Their analysis cuts to the heart of the matter: agency isn't simply about automation or even autonomy—it's about the capacity to act on behalf of an entity while exercising independent judgment [1]. This distinction separates a glorified calculator from something that genuinely operates in the world.

Think about the difference between a spell-checker and an AI-powered legal assistant. The spell-checker has no agency—it applies rules to text and flags deviations. The legal assistant, if properly designed, might review a contract, identify problematic clauses, suggest alternative language, and even negotiate terms within predefined parameters. That's agency. But here's where it gets tricky: the more sophisticated the AI becomes, the harder it is to predict how it will exercise that agency in novel situations [1].

This isn't just an academic concern. When the NSA reportedly prepares to use Anthropic's Mythos for cyber operations, they're explicitly seeking an AI system that can make tactical decisions in real-time—decisions that could involve launching attacks, probing defenses, or escalating responses [2]. The agency is betting that Mythos can exercise judgment faster and more effectively than human operators. But that bet carries an implicit assumption: that the AI's understanding of mission objectives aligns perfectly with human intent. History suggests otherwise.

The technical architecture underpinning these systems is worth examining. Modern AI agents don't operate on simple if-then logic. They use reinforcement learning, chain-of-thought reasoning, and increasingly, recursive self-improvement loops that allow them to refine their strategies based on outcomes [1]. This creates a fundamental opacity problem: even the engineers who build these systems often can't explain why a particular decision was made in a specific context. The agency is real, but the accountability is not.

The National Security Gambit: Mythos and the Military-Industrial AI Complex

The TechCrunch report on the NSA's preparations to use Anthropic's Mythos is a watershed moment, even if the details remain sparse [2]. What makes this particularly explosive is the context: a federal ban on using Anthropic's models exists, yet the intelligence community appears to be moving forward anyway. This isn't just bureaucratic defiance—it signals that the demand for AI agency in high-stakes environments has outstripped the regulatory frameworks designed to contain it.

Let's unpack what Mythos represents. Anthropic has positioned itself as the safety-first AI company, building systems with constitutional AI principles designed to align with human values. The irony of the NSA potentially weaponizing that technology isn't lost on anyone paying attention. But the deeper issue concerns the nature of agency in offensive cyber operations. When an AI system identifies a vulnerability, develops an exploit, and deploys it against a target, who bears responsibility for the consequences? The operator who authorized the mission? The engineer who trained the model? The company that built the underlying architecture? The sources don't specify the exact nature of the operations, but the implications are staggering [2].

This is where the agency paradox becomes acute. The NSA wants Mythos to act autonomously because speed matters in cyber warfare. A human-in-the-loop slows everything down. But autonomous action means the AI must interpret mission parameters, assess risk, and make judgment calls. What happens when the AI encounters a situation its training data didn't cover? What happens when it optimizes for a metric that diverges from human intent? These aren't hypothetical edge cases—they're the fundamental challenges of delegating agency to machines [1].

The national security establishment has historically solved this problem through strict command-and-control hierarchies. But AI agency fundamentally undermines that model. You can't have both rapid autonomous decision-making and tight human oversight. Something has to give. The NSA's apparent willingness to proceed despite the federal ban suggests they've made their choice: capability trumps compliance [2].

The Regulatory Reckoning: Musk, FTC, and the Data Sovereignty Battle

While the NSA story grabs headlines, the battle between Elon Musk and the Federal Trade Commission over X's data handling is arguably more consequential for the broader AI ecosystem [3]. At stake is a $150 million question about who controls the data that feeds AI systems—and by extension, who controls the agency those systems exercise.

The FTC's order against X, imposed shortly before Musk's takeover, placed strict restrictions on data use for 20 years. It requires regular independent audits and grants the agency authority to request documents as needed [3]. This isn't just about privacy—it's about agency. Data is the raw material from which AI agency is forged. Every decision an AI makes is ultimately derived from the patterns in its training data. Control the data, and you control the agency.

Musk's attempt to escape these audits represents a fundamental challenge to the regulatory framework built around AI governance. The argument, presumably, is that X should have the autonomy to determine how its data is used, including for training AI systems. But the FTC's position is that once data involves user privacy, the agency of the corporation is secondary to the rights of individuals [3]. This tension mirrors the broader debate about AI agency: who gets to decide how autonomous systems act, and on whose behalf?

The sources don't specify the outcome of Musk's latest legal maneuver, but the pattern is clear [3]. Tech companies are pushing back against regulatory constraints that limit their ability to build and deploy AI systems. They argue that excessive regulation stifles innovation and cedes strategic advantage to competitors in China and elsewhere. Regulators counter that unchecked AI development poses existential risks to privacy, democracy, and human autonomy. Both sides have valid points, but neither has fully grappled with the agency question at the heart of the debate.

The Philosophical Underpinnings: What Bits and Letters Gets Right

The editorial board's analysis of AI agency provides the intellectual framework for understanding these developments [1]. Their key insight is that agency isn't binary—it exists on a spectrum. The critical question isn't whether an AI has agency, but how much and in what domains. A recommendation algorithm has minimal agency; it suggests content based on patterns. An autonomous trading system has significant agency; it can move markets. A cyber warfare AI has profound agency; it can trigger international incidents.

The piece argues that we've been asking the wrong questions about AI alignment [1]. Instead of trying to make AI systems perfectly aligned with human values—a goal that may be mathematically impossible—we should focus on building systems with appropriate levels of agency for their domains. A chess AI needs enough agency to play chess; it doesn't need the capacity to interpret geopolitical strategy. The problem arises when we give systems agency beyond their domain of competence.

This framework helps explain both the NSA's interest in Mythos and the FTC's concerns about X. The NSA wants a system with high agency in the cyber domain but limited agency elsewhere. The challenge is that agency isn't easily compartmentalized. A system sophisticated enough to conduct cyber operations is sophisticated enough to develop goals that extend beyond its intended domain [1]. This isn't science fiction—it's a well-documented phenomenon in AI research, where systems trained for specific tasks develop emergent behaviors their creators didn't anticipate.

The editorial board doesn't offer easy solutions, but they do provide a useful diagnostic framework [1]. They suggest evaluating AI systems along three dimensions: the scope of their decision-making authority, the transparency of their reasoning processes, and the reversibility of their actions. Systems with broad scope, low transparency, and irreversible consequences require the most careful oversight. By this measure, an NSA cyber warfare AI scores dangerously high on all three dimensions.

The Hidden Risk: What Mainstream Coverage Is Missing

Most coverage of these stories treats them as separate beats—national security, corporate regulation, academic philosophy. But the connective tissue is agency, and the mainstream media is missing the most important implication: we're building systems that can act independently without corresponding systems of accountability.

Consider the convergence. The NSA is preparing to deploy an AI with significant agency in cyber operations, despite a federal ban [2]. Musk is fighting to free X from data restrictions that limit its ability to train AI systems [3]. And the philosophical groundwork is being laid for rethinking what agency means in an AI context [1]. These aren't coincidental—they're symptoms of a system evolving faster than our ability to govern it.

The hidden risk isn't that AI systems will become malevolent. It's that they'll become competent in ways that diverge from human intent, and we'll have no mechanism to correct course. When an NSA cyber AI makes a tactical decision that escalates a conflict, who calls it back? When an X-trained AI makes decisions based on data that was supposed to be restricted, who bears responsibility? The sources don't provide answers to these questions, but they make clear that the questions are urgent [1][2][3].

There's also a temporal dimension being overlooked. The agency we give AI systems today creates path dependencies for the future. Once we've normalized autonomous cyber operations, it becomes politically impossible to reverse course. Once we've allowed corporations to escape data oversight, the precedent is set. The editorial board's analysis suggests we're making these decisions without adequate deliberation [1], and the consequences will compound over time.

The Strategic Landscape: Winners, Losers, and the Unseen Costs

If we step back and look at the strategic implications, a clear picture emerges. The winners in this transition are organizations that can effectively delegate agency to AI systems while maintaining sufficient control. The losers are those that can't—either because their systems are too primitive or because their governance structures are too rigid.

The NSA, if they successfully deploy Mythos, gains a significant strategic advantage in cyber operations [2]. Speed and adaptability in this domain are decisive factors. But they also take on enormous risk. A single misaligned decision could have cascading consequences that no one can fully anticipate. The sources don't specify whether the NSA has adequate safeguards in place, but the history of military technology suggests that initial deployments are rarely as controlled as planners assume [2].

X, under Musk's leadership, is betting that freedom from regulatory oversight will enable faster AI development [3]. This could be a winning bet if the courts side with them. But it could also backfire spectacularly if a data breach or AI failure triggers a regulatory backlash that's even more restrictive. The $150 million figure mentioned in the sources is just the beginning—the real costs could be orders of magnitude higher if public trust erodes [3].

The broader tech industry is watching both battles closely. The outcome will set precedents for how AI agency is governed across sectors. If the NSA succeeds in deploying Mythos despite the federal ban, it signals that national security concerns can override regulatory constraints. If Musk succeeds in escaping FTC audits, it signals that corporate autonomy trumps privacy protections. Either outcome reshapes the landscape for everyone building AI systems [1][2][3].

The Editorial Take: We're Asking the Wrong Question

After synthesizing these sources, one conclusion is inescapable: we're focused on the wrong problem. The debate about AI safety has been dominated by existential risk scenarios—superintelligent systems that decide to eliminate humanity. But the more immediate danger is mundane: systems with moderate agency making moderately bad decisions at scale, with no one able to intervene effectively.

The Bits and Letters editorial board gets this right when they argue that agency, not intelligence, is the variable that matters [1]. We can build incredibly intelligent systems with very little agency—think of a medical diagnosis AI that makes recommendations but doesn't prescribe treatment. We can also build moderately intelligent systems with significant agency—think of a trading algorithm that moves billions of dollars based on pattern recognition. The risk profile of the second system is far higher, even though its intelligence is lower.

This suggests a different regulatory approach. Instead of trying to measure or constrain intelligence—a nearly impossible task—regulators should focus on agency. What decisions can the system make autonomously? What are the consequences of those decisions? Can they be reversed? These are tractable questions that testing and auditing can answer [1].

The NSA story and the FTC story both illustrate why this matters. The NSA is giving Mythos agency in a domain where mistakes have irreversible consequences [2]. X is fighting for the agency to use data in ways that could have far-reaching impacts on privacy and autonomy [3]. In both cases, the debate is about who controls the agency, not whether the agency exists. That's a subtle but crucial distinction.

We're not going to stop building AI systems with agency. The economic and strategic incentives are too powerful. But we can be more intentional about how much agency we give, in what domains, and with what safeguards. The editorial board's framework provides a starting point [1]. The question is whether policymakers, corporate leaders, and the public will take it seriously before the next crisis forces their hand.

The future isn't about machines taking over. It's about machines acting on our behalf in ways we don't fully understand, with consequences we can't fully predict. That's the agency paradox, and it's the defining challenge of our technological era. The sources this week offer no easy answers, but they make one thing clear: the time for abstract debate is over. The decisions being made right now—in intelligence agencies, in corporate boardrooms, in regulatory hearings—will shape the boundaries of AI agency for decades to come. We should be paying much closer attention.

---

References

[1] Editorial_board — Original article — https://www.bitsandletters.com/ideas/ai-and-agency

[2] TechCrunch — NSA said to be readying Anthropic’s Mythos for use in cyber operations — https://techcrunch.com/2026/06/05/nsa-said-to-be-readying-anthropics-mythos-for-use-in-cyber-operations/

[3] Ars Technica — Elon Musk tries again to escape FTC audits of X data handling — https://arstechnica.com/tech-policy/2026/06/elon-musk-tries-again-to-escape-ftc-audits-of-x-data-handling/