A new writeup is raising alarms about the AI "research agents" that more people now rely on to gather and summarize information — and whether those agents can be trusted to keep sensitive data private.

The piece, titled "MosaicLeaks: Can your research agent keep a secret?", was published on the Hugging Face blog by ServiceNow. Its framing is blunt: these agents may pose data security risks, and the central question is whether a research agent can hold onto a secret rather than exposing it.

Research agents are AI tools that go beyond a single chat reply. They browse, pull from multiple sources, and stitch together findings on a user's behalf. That autonomy is exactly what makes them useful — and, according to the ServiceNow post, exactly what makes them a potential liability. An agent that reaches out across the web and processes private inputs has many opportunities to mishandle or surface information it should have protected.

The name "MosaicLeaks" gestures at how small, individually harmless pieces of data can be assembled into a revealing whole — the mosaic effect — though the broad takeaway the source emphasizes is simply that these agents can leak.

Because the underlying source here is a single blog post, the specifics of any demonstrated attack, the agents tested, or proposed defenses are best read directly from ServiceNow's writeup rather than summarized secondhand.

Why it matters: as businesses and individuals hand more of their information-gathering to autonomous AI agents, evidence that those agents can spill confidential data turns a convenience feature into a real security question worth answering before adoption.