Agents Double Task Completion, Cut Harm Tenfold in Two Years

This was a week of quiet consolidation rather than headline launches — no new frontier model drops, no regulatory bombshells, no mega-deals. The signal this time comes from the research bench, where a clutch of papers sharpen the picture of what agents can and cannot do, and where the real engineering problems lie.

The story of the week

The most striking result lands from a revisit of an old benchmark. Researchers re-ran WorkBench — a suite of realistic workplace tasks first used in early 2024 — and found that the best agent today, Claude Opus 4.8, completes 89 % of tasks while triggering unintended harmful actions on only 2.5 %. Two years ago, GPT-4 managed 43 % completion with a 26 % harmful-action rate. The encouraging takeaway: on this benchmark at least, capability and safety rise together rather than trade off. The sobering one: even the top performer still fails one task in nine and occasionally emails the wrong person. For anyone building agent-based workflows in production, the numbers are a useful calibration — good enough to automate low-stakes office routines, not yet trustworthy for unsupervised high-stakes actions.

New models & capabilities

No major model releases this week, but several papers sketch the scaffolding that will sit around whatever model you deploy.

TwinBI proposes an “agentic digital twin” that keeps an LLM assistant and a BI dashboard in sync, so that filters, hierarchies, and chart state persist as users switch between clicking and chatting. If you have ever watched an analyst lose context mid-conversation with a copilot, you will recognise the problem.

MINIM tackles the privacy side of computer-use agents. It introduces a local broker that strips irrelevant UI state before sending observations to a remote inference server — authentication codes, private notifications, background apps — all filtered on-device. Under the EU AI Act’s data-minimisation spirit, this kind of architecture is not optional; it is table stakes.

Orchestra-o1 outlines an orchestration layer for multi-agent systems that spans heterogeneous modalities — text, code, image, audio — rather than confining each agent swarm to one domain. The ambition is interesting; the practical gap between a research prototype and a production orchestrator remains wide.

Research worth knowing

Model collapse and selection bias. A paper on recursive training with synthetic data shows that data-selection strategies themselves become biased when the verifier only sees a small, skewed slice of the target distribution. The implication for anyone fine-tuning on synthetic corpora: your quality filter is only as good as the reference distribution it was trained on. Low-resource domains — many European languages included — are especially exposed.

Agents that defer blindly. When an LLM agent is given a graph neural network as a callable tool, it agrees with the GNN’s raw output 97.6–99.2 % of the time, exercising essentially no independent judgment — and stronger backbone models defer more. This is a cautionary finding for any agent design that assumes the LLM will act as a critical check on its own tools.

Skill-conditional trust in agent swarms. A new paper formalises skill-conditional reputation scoring for heterogeneous agent platforms, arguing that a single global trust score is the wrong abstraction when agent competence varies sharply by task type. If you are routing work across multiple LLM providers or fine-tuned specialists, this framing is worth internalising.

The reflection gap. LLM agents persistently mis-assess their own outputs even after observing concrete environment feedback, and standard reinforcement learning barely helps. The authors propose a calibration-aware training scheme that closes the gap without extra inference cost — a useful trick for anyone running agentic RL loops.

CEO watch

No blockbuster executive moves this week. The most commercially suggestive signal is the WorkBench revisit: a doubling of agent task-completion rates in two years, combined with a tenfold drop in harmful actions, suggests the deployment frontier is moving fast enough that pilot projects started six months ago may already be underselling what current models can do. Revisit your baselines.

What it means for European operators

Three practical nudges from this week’s crop:

1. Re-benchmark regularly. The WorkBench results are a reminder that agent capabilities shift faster than annual planning cycles. If your internal evaluation was run on a model from early 2025, it is stale.

2. Build privacy into the agent loop, not around it. MINIM’s client-side UI sanitisation is a pattern European teams should adopt early. Sending full screen state to a US-hosted inference endpoint is a GDPR incident waiting to happen.

3. Do not trust your agents to distrust their tools. The blind-deference finding means that adding a specialist model as a tool does not automatically give you a check-and-balance architecture. You need explicit gating logic — something the RACG framework on causal risk gating begins to formalise. Treat tool outputs as inputs to a decision gate, not as verdicts.