500 AI agent repositories. One consistent flaw: infinite loops with no exit condition.
That's the finding from a security audit published by inkog.io, which scanned 500 open-source AI agent codebases looking for bugs. The most common serious gap wasn't a complicated vulnerability - it was a basic missing safeguard that traditional software engineers have treated as standard for decades.
How Agents Get Stuck
An AI agent works by cycling through a sequence: look at the current situation, pick an action, execute it, check the result, repeat. That loop is the design - it's what lets an agent handle a multi-step task without a human approving each move. The loop is the feature.
But without hard limits, the loop doesn't stop. A maximum number of steps, a timeout, a check for whether the agent has already tried this exact action - these are the mechanisms that tell an agent when it's done, or when it's spinning. Most of the repos scanned had built the loop. Most had skipped the stopping conditions.
The second gap the audit flagged: agents calling external APIs without validating the responses. If an API returns an error and the agent treats it as a valid result, subsequent actions compound on bad data across multiple steps before anything visibly breaks.
Why This Costs Real Money
An infinite loop in a traditional script wastes CPU cycles. An infinite loop in an AI agent burns API credits. Most large language model APIs - the AI systems that power agent reasoning - charge per token (roughly one word or word-piece of text processed). A stuck agent that keeps calling the model while making no progress runs up real charges and can trigger rate limits that affect other parts of a system.
For agents calling external services like email, calendar, or database APIs, the same loop hits third-party rate limits and can lock up those integrations for legitimate requests.
The fixes are not complicated. A maximum iteration count, a state hash to detect repeated actions, and a timeout wrapper at the outer loop level cover most cases. These are plumbing-level practices in backend software development. They just haven't made it into AI agent code as defaults yet - and this report, covering 500 real projects, makes the scale of that gap hard to ignore.
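The three guards named above (maximum iteration count, state hash for repeated actions, timeout at the outer loop) plus the response validation from the earlier paragraph, assembled into one bounded agent loop. This is an added example, not code from the inkog.io report or from any of the audited repositories; the `policy`/`tools` interfaces, the `LoopGuards` settings and the constructed demo tools are assumptions made for illustration, and the model call is stubbed by a plain Python function so the block runs offline.

```python
"""Bounded agent loop: max steps, timeout, repeated-state detection, response validation.
Added example (not from the audit); interfaces below are assumptions for illustration."""
import hashlib
import json
import time
from dataclasses import dataclass


@dataclass
class LoopGuards:
    max_steps: int = 20        # hard cap on observe/act iterations
    timeout_s: float = 30.0    # wall-clock budget for the whole loop
    max_repeats: int = 2       # same (last outcome, action) seen more than this => spinning


def state_hash(last_outcome, action):
    """Stable digest of what the agent just saw plus what it chose to do next.
    Hashing the outcome too means legitimate polling (same call, changing result) is not flagged."""
    payload = json.dumps({"last": last_outcome, "act": action}, sort_keys=True, default=str)
    return hashlib.sha256(payload.encode()).hexdigest()


def validate_tool_response(resp):
    """Reject error or malformed tool results instead of feeding them back in as data."""
    if not isinstance(resp, dict):
        raise ValueError(f"tool returned non-dict {type(resp).__name__}")
    if "error" in resp:
        raise ValueError(f"tool error: {resp['error']}")
    if resp.get("status", 200) >= 400:
        raise ValueError(f"tool HTTP status {resp['status']}")
    if "result" not in resp:
        raise ValueError("tool response missing 'result'")
    return resp["result"]


def run_agent(policy, tools, goal, guards=None, clock=time.monotonic):
    """policy(observation) -> {"tool": name, "args": {...}} or {"done": value}.
    Returns (outcome, stop_reason, iterations_run). Every exit path is explicit."""
    guards = guards or LoopGuards()
    deadline = clock() + guards.timeout_s
    seen = {}                                   # state hash -> times seen
    observation = {"goal": goal, "history": []}
    for step in range(1, guards.max_steps + 1):
        if clock() > deadline:
            return None, "timeout", step - 1
        action = policy(observation)
        if "done" in action:
            return action["done"], "done", step - 1
        last = observation["history"][-1] if observation["history"] else None
        h = state_hash(last, action)
        seen[h] = seen.get(h, 0) + 1
        if seen[h] > guards.max_repeats:
            return None, "repeated_state", step
        tool = tools.get(action.get("tool"))
        if tool is None:
            return None, "unknown_tool", step
        try:
            result = validate_tool_response(tool(**action.get("args", {})))
        except ValueError as exc:
            # The agent sees the failure; it never receives an error body as a "valid" result.
            observation["history"].append({"action": action, "error": str(exc)})
            continue
        observation["history"].append({"action": action, "result": result})
    return None, "max_steps", guards.max_steps


# Constructed demos: each one trips a different guard.
def demo_well_behaved_agent():
    def add(a, b):
        return {"status": 200, "result": a + b}
    def policy(obs):
        if obs["history"]:
            return {"done": obs["history"][-1]["result"]}
        return {"tool": "add", "args": {"a": 2, "b": 3}}
    return run_agent(policy, {"add": add}, "add 2+3")


def demo_spinning_agent():
    def flaky_lookup(query):
        return {"error": "upstream 503"}        # unvalidated, this would be taken as data
    def policy(obs):
        return {"tool": "lookup", "args": {"query": "q1"}}   # same call, every time
    return run_agent(policy, {"lookup": flaky_lookup}, "find q1", LoopGuards(max_steps=50))


def demo_wandering_agent():
    def add(a, b):
        return {"result": a + b}
    counter = {"n": 0}
    def policy(obs):                            # always a new action, never finishes
        counter["n"] += 1
        return {"tool": "add", "args": {"a": counter["n"], "b": 1}}
    return run_agent(policy, {"add": add}, "never finish", LoopGuards(max_steps=5))


def demo_slow_agent():
    fake = {"t": 0.0}                           # constructed clock so the demo is deterministic
    def slow_tool():
        fake["t"] += 4.0                        # each call "takes" 4 seconds
        return {"result": "partial"}
    def policy(obs):
        return {"tool": "slow", "args": {}}
    guards = LoopGuards(max_steps=100, timeout_s=10.0, max_repeats=10)
    return run_agent(policy, {"slow": slow_tool}, "slow", guards, clock=lambda: fake["t"])


if __name__ == "__main__":
    for demo in (demo_well_behaved_agent, demo_spinning_agent, demo_wandering_agent, demo_slow_agent):
        print(demo.__name__, "->", demo())
```

Each guard returns a named stop reason rather than raising or silently exiting, so the caller can log why the agent stopped and meter what it cost; the repeated-state hash includes the previous outcome so that a tool legitimately polled for a changing value is not mistaken for a stuck loop.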