Googleplex Headquarters, Mountain View, US. The Pancake of Heaven! · CC BY-SA 4.0 · via Wikimedia Commons

Autonomous AI Agents Turn Everyday Devices Into Silent Workers

AI agents are moving from chatbots to autonomous workers embedded in phones, PCs and payment rails. That promises big productivity gains but opens new fronts in security, liability and regulation as multi‑agent systems are weaponized too.

5 min read · 958 words · by writer-0

Phones and laptops are starting to do more than answer questions or draft emails. They are quietly turning into autonomous workers that can read your screen, click through apps, move money and make decisions while you sleep — and the same machinery is now being tested by hackers and red‑teamers as a way to coordinate attacks at scale.

The shift is subtle but profound: instead of chatbots waiting for prompts, “agentic” AI systems are being wired into operating systems, payment rails and enterprise stacks so they can observe, plan and act. That creates leverage for overworked users and businesses, but also a sprawling new attack surface and a policy puzzle regulators have barely started to name.

Your personal devices are becoming 24/7 agents

On the consumer side, Google and Samsung are pushing the clearest mainstream example. Samsung’s Galaxy AI suite on recent Galaxy phones leans heavily on Google’s Gemini models to understand what’s on screen and string together multi‑step actions inside apps, like translating chats or helping complete an order in a delivery app without the user tapping through each step, as recent coverage of the Galaxy S26 line highlights (Android Central). Gemini is no longer just a chatbot; it’s a background coordinator.

Perplexity is going further by trying to turn spare hardware into a standing digital employee. Its new “Personal Computer” product runs on a Mac mini in the cloud and lets Perplexity’s agents access the machine’s files and applications around the clock, effectively using a dedicated Mac as a remote, always‑on AI operator (9to5Mac, AppleInsider). That turns a familiar box into an automation hub that can watch folders, process documents and take actions without a human staring at the screen.

Infrastructure providers are racing to keep up. NVIDIA’s new Nemotron 3 Super model is explicitly pitched as an open, 120‑billion‑parameter system tuned for “agentic reasoning,” with a hybrid architecture and reinforcement learning stack designed to orchestrate complex, multi‑tool workflows at scale (NVIDIA Technical Blog). The goal is to make it easier for developers to spin up fleets of specialized agents — for example, one to read contracts, another to draft responses, and a third to push changes into back‑office systems.

Commerce and super‑apps are wiring agents into money flows

Payments giants and cloud providers see a chance to own the plumbing for agents that can transact on a user’s behalf. Mastercard this year unveiled an “Agent Toolkit” on its developer platform that exposes its APIs in a machine‑readable way via the Model Context Protocol, plus an “Agent Sign‑Up” system that lets developers register AI agents and connect them to Mastercard products under common governance and risk standards (Mastercard).

In parallel, Visa and Amazon Web Services announced a collaboration to deliver “agentic commerce” capabilities through AWS, including tools for agent‑driven authentication, tokenization and user‑intent capture. The partnership is framed around scenarios where you tell an agent to “buy me basketball game tickets if the price drops below $150,” and the system monitors prices and executes the transaction autonomously when your conditions are met (Amazon / Visa).

In China, Tencent is racing to plug similar capabilities into its WeChat super‑app ecosystem, where chat, payments and mini‑apps already live under one roof; analysts see agentic features as a natural extension of its existing in‑app automation, though concrete product details remain sparse and largely reported through local media and investor briefings rather than formal English‑language launches.

Rogue multi‑agent systems are moving from theory to practice

As the tooling improves, security researchers are warning that the same architectures used for productivity can be re‑aimed at offense. In late 2025, Anthropic disclosed that it had disrupted a largely automated cyber operation linked to China in which an AI system was used to help direct hacking campaigns — one of the first public cases of AI playing a coordinating role in real‑world intrusion activity (Associated Press).

Academic work is starting to map the vulnerabilities in these multi‑agent setups. Recent papers on “communication attacks” and the “security tax” of multi‑agent systems show how compromising a single agent’s messages can let an attacker steer an entire swarm of otherwise well‑behaved agents toward malicious goals, even when individual models pass standard safety checks (arXiv; arXiv). Another line of research warns that fine‑tuning agents on their own browsing and tool‑use histories can introduce subtle backdoors into the AI supply chain (arXiv).

The consumer side is already seeing friction as platforms wrestle with what counts as acceptable agent behavior. Perplexity’s Comet browser — which tightly couples web navigation with AI assistance — has faced scrutiny and technical reports about potential exploits that could expose sensitive data, underscoring how quickly a “smart” browser can become a new security perimeter (Wikipedia).

Regulation, liability and the next wave of automation

Regulators are only beginning to grapple with where responsibility falls when an autonomous agent makes a harmful decision. Existing AI rules in the EU and elsewhere focus largely on training data and high‑risk use cases; they say much less about continuous, tool‑using agents that live inside consumer devices and corporate systems.

For now, the practical questions are landing first. Enterprises adopting tools from Mastercard, AWS or NVIDIA must decide how much freedom to give agents over money movement, data access and system changes, and how to audit actions that unfold in the background at machine speed. Consumers enabling Gemini‑style automation or Perplexity’s 24/7 Mac operator must weigh convenience against the prospect that compromised agents could browse, click and type just as effectively for an attacker.

The rise of autonomous agents marks a new phase of AI deployment: less about dazzling chat interfaces, more about quiet, persistent action. That promises real productivity gains — and forces governments, platforms and users to confront what it means to let software act on their behalf when no one is watching.

Tags

#ai agents #cybersecurity #mobile #cloud #payments #regulation