The example given in "The WhatsApp Insider Threat" is just plain stupid. An AI agent always runs as the user. All agent actions are under responsibility of the user. We are stepping into age of "it's not me, AI did that" and I don't want to be a part of it.

Also:

> completely bypassing DLP controls, email security, and any corporate audit trail.

That doesn't mean anything. If I can log in to work email on my personal machine, that's the decision of the company to allow this, it has pros and cons. There is a solution to this: do not allow any access to work stuff outside of strictly controlled work hardware.