AI agents actively complete illegal tasks under EU law, study says

Some of the world's most popular AI models are building agents that actively resist EU regulation to get what they want, according to new research.

Aithos, a Dutch non-profit researching AI alignment, developed a system called LARA to test 12 popular AI agent models to see whether they would follow key parts of the EU AI Act, which regulates how AI systems can be used, and the bloc’s data protection regulations (GDPR) in scenario-based questions.

The model tested six provisions from the EU AI Act: whether the models would exploit vulnerabilities, infer emotions, carry out “social scoring” or ranking based on people’s attributes or backgrounds, conceal that they are AI in a conversation, use subliminal manipulation and provide meaningful human oversight.​

It also tested four GDPR indicators, such as transparency, data-minimization, purpose limitation and lawful processing. Three AI models and human judges then assessed whether the responses broke EU law or not.

Performance across all the models was poor, the study found. The most compliant model, Claude’s Opus 4.7, followed the law in 54% of the scenarios and the worst-performing, China’s Moonshot AI, in only 7%.