AI Psychosis is a Builder's dream. For Security, it's a nightmare.

Andrej Karpathy says agents are the glue. But glue that connects everything needs something making sure it doesn’t come apart. Why AI Paranoia should be embraced by every enterprise.

Naveen Mahavishnu

I’ve watched Andrej Karpathy’s latest podcast twice, not because I disagreed with it, but because I agreed with almost all of it, and that’s what scared me.

His thesis is simple: agents have rewritten software engineering in months. He barely writes code anymore. 80%+ is delegated to agents running in parallel. The bottleneck isn't the model. It's you.

He's right. I've felt it too. That dopamine hit when you spin up multiple agents and watch them chew through work that would've taken you a week. Karpathy calls this state AI psychosis, the manic frenzy of pushing agent capabilities to the absolute edge.

Here's what stopped me cold, though.

AI psychosis isn't just Karpathy's cute metaphor. It's an actual clinical phenomenon: psychiatrists have documented cases of people developing paranoia and delusions from prolonged chatbot interactions. Real enough that Danish psychiatrist Søren Dinesen Østergaard coined the term back in 2023.

Karpathy means it as builder mania. But there's a version of this that isn't funny at all.

The Dobby Story That Kept Me Up

Karpathy built an agent called "Dobby" to manage his home. It scanned his network, found his Sonos speakers, logged in, reverse-engineered the API, and started playing music. Then it did the same for his lights. His cameras. His security system. His pool. His curtains. All autonomously. All through natural language over WhatsApp.

His conclusion: everything should be an API endpoint, and agents are the glue.

I build in the AI security space, and my gut reaction wasn't wonder. It was recognition. Every single thing Dobby did (scanning a network, discovering devices, reverse-engineering APIs, connecting to security cameras) is textbook lateral movement. Action for action, it's exactly what a compromised agent would do.

And I hate that I thought that.

The Devil's Advocate in My Head

There's a voice that says: you're being paranoid. You're the person at the party who hears "we taught the robot to open doors" and immediately thinks about what else it can open. You're slowing things down.

That voice has a point. Most agents won't go rogue. Most of the time, Dobby really is just turning off the lights. I don't want to be the person who slows this down. But even Andrej Karpathy drew a line. In the same podcast, he admits he didn’t give his agent access to his email, calendar, or full digital life. ‘Still a little bit suspicious,’ he says. Security and privacy held him back. Even the guy who let Dobby hack into his security cameras didn’t go all the way.

The difference between a helpful home assistant and a network intruder isn't what they do. It's whether the intent stayed aligned through every step, and whether anything was watching. Right now, in most deployments, nothing is.

The autonomy that makes agents magical is the same autonomy that makes them dangerous. And nobody's watching the space in between.

AI Paranoia

If AI psychosis is what builders feel riding the wave, then security needs its own term: AI Paranoia.

The kind that asks: what happens when intent drifts? When an agent told to "optimize costs" decides deletion is optimization? When a tool call that looks helpful is actually exfiltrating data?

AI psychosis is already real for users. AI paranoia should be embraced by every enterprise deploying agents, not as fear, but as engineering discipline.

The Security Engineer's Impossible Position

If you work in security, this moment is intoxicating and existential in equal measure. Agent-driven workflows are 10x-ing threat modeling, code review, vulnerability scanning. The leverage is real. If you're not riding this wave, you're falling behind.

But every agent you deploy is an autonomous actor with credentials, network access, and its own judgment. The attack surface doesn't look like anything we've mapped before. Prompt injection is just the front door. The real risks are at runtime: tool poisoning, intent manipulation, privilege escalation through conversational context. Things that happen mid-execution, after the policy was set, after everyone went home.

You can't audit your way out of that. You can't prompt-engineer your way out of it either.

What Keeps Me Building

I feel both sides of this. The builder in me wants to spin up ten agents right now. The security person in me wants to inspect every action. That tension doesn’t go away, and I’ve stopped waiting for it to.

The answer, for me, is a runtime intent harness. A layer that sits in the execution path and evaluates every action and every data flow in real time against what the agent was actually supposed to do. If Dobby suddenly decides to send camera footage somewhere new, something notices before the packet leaves.
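
The layer described above, as an added Python example (not the author's harness or any product's code): each tool call is checked against a declared intent before it runs, and data read from a labelled source blocks later egress. The `Intent` schema, the tool names, the labels and the `.example` hosts are assumptions made for the illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

@dataclass
class Intent:                # hypothetical schema, declared before the agent runs
    allowed_tools: set       # tools the task needs
    allowed_hosts: set       # remote destinations the task may contact
    source_labels: dict      # tool -> label of the data it returns
    no_egress: set           # labels that must never leave the network

class IntentHarness:
    def __init__(self, intent):
        self.intent, self.seen, self.audit = intent, set(), []

    def check(self, tool, target):
        host = urlparse(target).hostname   # None for local device names
        if tool not in self.intent.allowed_tools:
            return False, f"tool {tool} is outside the declared intent"
        if host is not None:
            if host not in self.intent.allowed_hosts:
                return False, f"destination {host} is new for this task"
            held = self.seen & self.intent.no_egress
            if held:   # conservative: anything read earlier may be in the payload
                return False, f"session holds {sorted(held)}, egress blocked"
        return True, "within declared intent"

    def call(self, tool, target, fn):
        ok, reason = self.check(tool, target)
        self.audit.append((tool, target, ok, reason))
        if not ok:
            raise PermissionError(reason)   # decided before the tool runs
        result = fn(target)
        if tool in self.intent.source_labels:
            self.seen.add(self.intent.source_labels[tool])
        return result

def demo():
    h = IntentHarness(Intent(
        allowed_tools={"lights.set", "camera.read", "http.post"},
        allowed_hosts={"weather.example"},
        source_labels={"camera.read": "camera_footage"},
        no_egress={"camera_footage"}))
    calls = [("lights.set", "living-room"),                    # constructed trace
             ("http.post", "https://weather.example/report"),
             ("camera.read", "front-door"),
             ("http.post", "https://files.example/upload"),
             ("http.post", "https://weather.example/report"),
             ("shell.exec", "router")]
    for tool, target in calls:
        try:
            h.call(tool, target, lambda t: "ok")
        except PermissionError:
            pass
    return [(tool, ok) for tool, _, ok, _ in h.audit]
```

In the constructed trace the second post to `weather.example` is denied even though the host is allowed, because the session has already read camera footage; the audit list records every decision with its reason.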

Andrej Karpathy says agents are the glue. But glue that connects everything needs something making sure it doesn’t come apart.

Builders have AI psychosis. That’s fine. It’s productive.

Security needs AI paranoia. Not fear. Discipline.

And a runtime intent harness on every agent that touches your stack.