Professor Ricardo A. Baeza-Yates is a leading Chilean computer scientist known for his groundbreaking work in algorithms, information retrieval, web search, data mining, and responsible AI. He holds advanced degrees from the University of Chile and a Ph.D. from the University of Waterloo, Canada. He has held academic and leadership roles at top institutions and companies, including Yahoo Labs and NTENT. His book, “Modern Information Retrieval”, is a key reference in the field. Currently, his research centers on algorithmic bias and AI ethics. He is a Fellow of the ACM and IEEE, a member of Chilean sciences and engineering academies, and the recipient of several prestigious awards, including Chile’s National Prize in Applied and Technological Sciences in 2024. He remains an influential voice in responsible AI and technology’s societal impact.
Summary
The interview explores the multifaceted challenges and opportunities presented by AI agents in today’s rapidly evolving technological landscape. Professor Ricardo Baeza-Yates highlights that AI both empowers malicious actors to breach security and equips defenders with advanced tools, necessitating heightened vigilance as threats now involve “humans plus AI.” New technologies, especially generative AI, introduce new and unique privacy and security risks that demand proactive strategies.
A major concern is bias amplification in AI agents performing sequential actions. Biases can compound, sometimes unintentionally, resulting in outcomes more skewed than anticipated. Effective mitigation is required at every stage, though best practices are still developing. The phenomenon is likened to the “Telephone game,” where messages distort as they pass along, and malicious intent can worsen the final impact.
Cultural and regulatory differences significantly influence agent design. For example, Anglo-Saxon countries tend to trust institutions more, while Southern European nations prefer transparency due to lower institutional trust. Customization is essential, as expectations for accountability and transparency vary widely, and approaches to user autonomy differ between regions.
Communicating AI capabilities and limitations to non-technical stakeholders is context dependent. Obligations for transparency and warnings hinge on the likelihood and severity of potential harm. Even minimal risks may require user warnings if the impact could be significant, emphasizing the need for nuanced, context-aware responses. Transparency also has a trade-off with security, as a more transparent system may help bad actors on how to breach a system or at least gaming it, depending on the application.
The interview also addresses the importance of considering agent autonomy, especially in sensitive domains like justice or government subsidies, where data does not represent well the full reality, making decision-making less precise. Human judgment remains crucial in complex scenarios such as justice, recruitment, scholarships, or subsidies.
Ultimately, Professor Ricardo Baeza-Yates advocates for conducting risk impact assessments for AI outcomes, always prioritizing the user’s perspective.
Emerging Security Risks for AI Agents and Strategies for Fairness Auditing in Action-Based Outputs
I think there are two sides to this coin: on one hand, AI enables bad actors to discover new ways to breach security, while on the other hand, it also provides us with powerful tools to strengthen defenses and protect against emerging threats. So, we need to be more careful on the security levels because now we are not fighting only humans, we are fighting humans plus AI. This is one side. And on the other side there are all these new ways based on generative AI. Agents are not new, agents are from the 90s, but still now they have a new rebirth. For example, in generative AI, you have issues with data privacy, finding different kinds of security issues that before were not true, and so on. We need to also take care about the new issues that appear because of using these new technologies.
Bias Amplification and Propagation in AI Agents Performing Sequential Actions
I would say the main issue is that you will be compounding different biases, and probably without wanting, you may be amplifying some biases. You have a sequence of biases, and what is the outcome of basically putting one bias after the other, sometimes maybe similar, like some demographic bias. What is the result? I mean, probably the result would be something more biased than what you expect, and that we need to mitigate it in ways that are not yet well-known. You need to do very good mitigations at every step of the process. But surely, we will find out other things that we never have expected because of this sequence of actions. For example, there is a typical joke that when you propagate something even true, you get inaccuracy on the way. It is like the childhood game Telephone, where a message changes as it’s passed along—even without any ill intent. With bad intentions, the outcome could be far worse.
The Influence of Cultural and Regulatory Differences on Agent Design: Privacy Expectations and Risk Tolerance
Culture should play a key role when tailoring applications for different countries. For instance, in Anglo-Saxon nations like the U.K. and U.S., there is generally more trust in institutions and they ask for accountability, whereas in Southern European countries, lower institutional trust means users tend to prefer greater transparency. For northern Europe, greater accountability is important, while in southern Europe, increased transparency is needed due to lower trust in the system. However, expecting both high accountability and transparency can be unrealistic for some cultures; for instance, Spanish lacks a single word for accountability (“rendición de cuentas”), reflecting a cultural difference. These differences also shape responses to user actions in banks: some European companies may prioritize user autonomy, letting customers make mistakes, whereas the U.S. may focus on protecting the customer for business reasons. Customization offers a middle ground, such as suggesting better investment options rather than criticizing user choices, ultimately leaving decisions to the user.
Effective Communication of AI Agent Capabilities and Limitations to Non-Technical Stakeholders
This is indeed an important topic; however, it is difficult to generalize because obligations vary significantly depending on the context. For instance, in situations where actions do not cause harm to individuals, the obligations may be less stringent. Consider, for example, advertising related to war—while an offensive advertisement is undesirable, it is unlikely to result in direct consequences for users, aside from potential changes in perception or acceptance.
It is critical to account for both the likelihood and the severity of possible harms: even minimal risk can warrant attention if the potential impact is significant. In cases involving low or marginal risk, obligations may simply involve providing users with a warning about possible, though not severe, impacts. Ultimately, the response must be tailored to the context and application, emphasizing the importance of a nuanced, context-dependent approach.
Global Variations in Technology Adoption and Development Efforts: Comparing Europe and the Western United States
It is crucial to consider the actual autonomy and agency of an agent in any context. Recent research outlines different levels of autonomy, and the types of actions agents can perform, which can significantly affect outcomes. Understanding the application’s context, its potential impact, and who is involved is key to evaluating these factors.
Global Trends and Key Concerns in the Rapid Evolution of AI Agent Startups and User Adoption
This situation exemplifies my earlier comments regarding autonomy and agency. I am concerned about deploying fully autonomous agents in contexts where future outcomes for individuals could be affected, such as within the justice system. Additional challenges exist, including instances where available data fails to accurately reflect the underlying problems. Often, data serves as a poor proxy, yet its limitations are overlooked, and it continues to be applied despite being an inadequate representation.
For example, I would express significant reservations about implementing autonomous systems in critical domains such as justice, hiring, government subsidies, or educational scholarships—situations where the potential for harm is considerable and, in some cases, deployment should arguably be prohibited due to the unreliability of the data involved. Essentially, the incompleteness of data undermines sound decision-making, even in scenarios where the approach might initially appear reasonable. Numerous anecdotal instances highlight these shortcomings.
An important subsequent consideration is determining which types of actions, if autonomously decided, could negatively impact people—economically, psychologically, or physically. This variability underscores the need for caution in such environments. There is a risk that hasty or ill-informed choices could lead to unintended adverse consequences. For instance, current uses of AI in recruitment frequently result in suboptimal hiring decisions, as the data employed does not reliably indicate the most suitable candidates. The complexity of hiring highlights these difficulties, and I remain convinced that human judgment by skilled managers generally yields better results.
Establishing Specialized Police Departments for Emerging Technologies and Hopeful Examples of Responsible AI Agents
I have always imagined an agent like Jiminy Cricket from Pinocchio—a supportive digital assistant that acts as your conscience. This agent would help you improve, protect against manipulation, and provide daily feedback on your actions, such as whether you treated others unfairly or were targeted by bad actors. With brief daily sessions, it could raise your awareness and encourage personal growth. While not everyone may use it, I think many people would benefit from its guidance.
Advice on Building Safe, Responsible Architectures Across Different Locations
To effectively contribute to this field, it is essential to thoroughly study topics such as AI ethics, responsible AI, and AI safety. Although these concepts may vary depending on whom you consult, they share a common objective. A deep interdisciplinary understanding is required, which can be challenging; therefore, collaborating with professionals who possess diverse skills and expertise is highly recommended. Forming small teams of two or three individuals with complementary backgrounds can enhance problem-solving capabilities.
Advancing current architectures for language models is also crucial. Achieving greater intelligence and safety requires incorporating additional elements, such as established logical reasoning from traditional AI. Ensuring the inclusion of reliable knowledge, alongside thorough online fact-checking prior to generating content, remains a significant challenge. Several companies offer robust proprietary knowledge bases, and there are public options available as well.
One of the most difficult challenges pertains to common sense reasoning—arguably the rarest form of sense. The ability for a system to determine optimal actions in unfamiliar scenarios exemplifies common sense. This remains a central challenge in developing more human-like AI. However, rather than attempting to replicate humanity, I believe AI should be designed to support and enhance human capabilities.
If You Had to Choose One Guiding Principle for Building AI Agents, What Would It Be?
It is important to conduct a risk impact assessment for any outcome generated by an agent. The most effective approach is to put yourself in the user’s shoes. Thank you for the engaging discussion.
An interview with Mark Ruddock 
What happens when software engineers enhance development with AI?