AI Agents: Current State, Challenges, and Insights from the MIT‑Cambridge‑Stanford Report

Recent headlines coined the term “SaaSpocalypse,” arguing that agents are not merely SaaS users but potential replacements for SaaS applications. Traditional SaaS delivers workflow interfaces charged per seat, whereas agents can call APIs and complete tasks autonomously, shrinking the value of UI‑based tools.

The 2025 AI Agent Index —a joint report by MIT, Cambridge, Stanford, Harvard Law School and others—defines four mandatory entry criteria for an agent to be listed: autonomy (decision‑making without continuous human input), goal complexity (ability to decompose high‑level goals and invoke tools at least three times autonomously), environment interaction (write permissions that can affect the external world), and generality (handling ambiguous instructions and new tasks). An agent must also have sufficient market impact (search volume, valuation, or AI‑safety commitments). From 95 candidates, 30 agents were selected.

Agent Classification and Market Share

The 30 agents fall into three categories:

Chat‑type (12) : e.g., Anthropic Claude, Google Gemini, OpenAI ChatGPT, Claude Code, MiniMax Agent, etc.

Browser‑type (5) : e.g., Alibaba MobileAgent, ByteDance TARS, OpenAI ChatGPT Atlas, Opera Neon, Perplexity Comet.

Enterprise workflow (13) : e.g., Microsoft Copilot Studio, Salesforce Agentforce, ServiceNow AI Agents, SAP Joule Studio, HubSpot Breeze Studio, IBM watsonx Orchestrate, and others.

Geographically, 21 agents originate from the United States, 5 from China, and 4 from Germany, Norway and the Cayman Islands. Twenty‑three agents are fully closed‑source, and only 9 of the 30 allow users to select the underlying large‑language model, reducing exposure to the dominant trio of GPT, Claude and Gemini.

Autonomy Levels

The report introduces a five‑tier autonomy framework (L1–L5). Browser‑type agents are generally rated L4‑L5, meaning they execute most of the task without human checkpoints; the human role is reduced to occasional approval.

Transparency and Security Gaps

Only four agents disclose a dedicated “system card” describing autonomy, behavior boundaries and risk analysis (ChatGPT Agent, OpenAI Codex, Claude Code, Gemini 2.5 Computer Use). Twenty‑five agents provide no internal security testing results, and twenty‑three lack any third‑party audit. Among the five Chinese agents, only one (Zhipu) publishes a security framework.

Memory architecture is largely opaque: the field “Memory Architecture” is marked as gray in the dataset, and most developers do not disclose what agents remember, retention periods, or deletion mechanisms, raising concerns when agents can access email, calendar or file systems.

Action Space Differences

CLI‑type agents (Claude Code, Gemini CLI) can read/write the file system and execute terminal commands, effectively possessing root‑level server permissions. Browser‑type agents manipulate web pages (clicking, form‑filling, navigation) and often ignore robots.txt, making it impossible for websites to distinguish AI‑driven actions from human users. Only ChatGPT Agent uses encrypted signatures to prove its identity to sites.

Accountability Fragmentation

The deployment stack consists of four layers: model providers (Anthropic, OpenAI, Google) → agent developers → enterprise customers → end users. Each layer claims to be merely a platform or tool, shifting responsibility when failures occur. The authors term this “accountability fragmentation.” When the research team contacted all 30 developers, only 23 % responded, and merely four offered substantive feedback.

Anthropic’s Claude Code Usage Report

Anthropic released a complementary report on Claude Code, analyzing over one million public API calls and ~500 k real‑world sessions. Programming tasks dominate (~50 % of usage), with the remainder spread thinly across business intelligence, customer service, sales, finance and e‑commerce. New users grant full automation in ~20 % of sessions, while experienced users do so in >40 % but also interrupt ~9 % of tasks, indicating growing trust yet increased oversight.

Safety analysis shows that ~80 % of tool calls have protective safeguards, 73 % retain some human involvement, and truly irreversible actions (<1 %) are rare. However, autonomous run‑time length for the longest Claude Code tasks more than doubled (from <25 min to >45 min) between Oct 2025 and Jan 2026.

Combined Insights

Both reports agree that the agent ecosystem is exploding in quantity while governance, transparency and safety documentation lag behind. The concentration of underlying models in three providers gives them implicit control over the entire agent stack. At the same time, agents are gaining real‑world authority faster than regulators or users can comprehend, especially as programming remains the primary “beachhead” for AI adoption.

Overall, the analysis warns that while agents promise productivity gains, the rapid increase in autonomy, opaque memory handling, and fragmented accountability pose significant risks that require coordinated industry and policy responses.

References

[1] The 2025 AI Agent Index (https://arxiv.org/abs/2602.17753)<br/>[2] Anthropic, Measuring AI Agent Autonomy in Practice (https://www.anthropic.com/research/measuring-agent-autonomy)<br/>[3] Anthropic Economic Index, January 2026 Report (https://www.anthropic.com/research/anthropic-economic-index-january-2026-report)<br/>[4] Claude Code Security (https://www.anthropic.com/research/claude-code-security)<br/>[5] How AI Helps Break the Cost Barrier of COBOL Modernization (https://www.anthropic.com/research/how-ai-helps-break-cost-barrier-cobol-modernization)<br/>[6] Bloomberg Odd Lots, Which Software Companies Will Survive the SaaSpocalypse (https://www.bloomberg.com/news/audio/2026-02-19/the-saaspocalypse-how-ai-fears-have-damaged-software-stocks)<br/>[7] PwC, AI Agent Survey (2025.5, 308 US executives) (https://www.pwc.com/us/en/tech-effect/ai-analytics/ai-agent-survey.html)<br/>[8] Gartner, Over 40% of Agentic AI Projects Will Be Canceled by End of 2027 (2025‑06‑25) (https://www.gartner.com/en/newsroom/press-releases/2025-06-25-gartner-predicts-over-40-percent-of-agentic-ai-projects-will-be-canceled-by-end-of-2027)<br/>[9] SemiAnalysis, Claude Code is the Inflection Point (https://newsletter.semianalysis.com/p/claude-code-is-the-inflection-point)<br/>[10] Thomson Reuters, CoCounsel Case Study (https://legal.thomsonreuters.com/en/ai-legal-technology/cocounsel)<br/>[11] eSentire x Anthropic, AI‑Powered Threat Investigation (https://www.anthropic.com/customers/esentire)<br/>[12] Microsoft AI Economy Institute, AI Economy Report (https://www.microsoft.com/en-us/research/project/ai-economy/)