
Sakana's Fugu: A Fishy AI That Could Poison Your Trust in Automation

This new model is risky, maybe too risky.

Nina Johansson | Source: Hacker News

Sakana AI just dropped something called "Fugu." Yes, named after the deadly pufferfish delicacy. And if you know anything about fugu — one wrong slice, you're dead. Same energy here.

Fugu isn't another chatbot. It's a framework for building AI agents that can do stuff across the web — book flights, scrape sites, post on social media. Sounds useful. Sounds terrifying.

Let's talk about why this thing makes me nervous.

The Bait: What Fugu Actually Does

On paper, Fugu is elegant. It uses vision-language models to read screens, click buttons, fill forms. You tell it a goal, like "find the cheapest flight from Tokyo to Osaka next Tuesday," and off it goes. It navigates airline websites, ignores pop-ups, compares prices. It even opens incognito windows so your browsing history doesn't get in the way.

The demo video is slick. Fugu books a hotel room, posts a tweet, edits a spreadsheet. All autonomous. All without a human looking over its shoulder. That's the pitch: hands-off automation for the messy, inconsistent web.

Sakana is Japanese for "fish." Fugu is Japanese for "blowfish." The name isn't cute. It's a warning.

The Poison: Why Fugu Could Go Wrong

Let me count the ways.

First, trust. Fugu executes actions based on what it sees on a screen, which means everything rendered on a page, including text or buttons an attacker plants there, is input the model will act on. If a website changes its layout mid-task — say, a pop-up offering a "special discount" — Fugu might click it. That pop-up could lead to a drive-by download. Or a phishing form. Fugu doesn't know the difference. It just sees a button and thinks "goal-completion."

Second, permissions. If Fugu runs in your everyday browser profile rather than a throwaway one, it inherits your cookies and your logged-in sessions. If you're logged into your bank, and Fugu wanders onto the banking site, it could initiate transfers. Not on purpose. But because the model misreads a button labeled "Transfer Funds" as a harmless link. One wrong click, and your savings are gone. The only sane way to run an agent like this is in an isolated profile holding nothing but the credentials the current task needs.

Third, unpredictability. The paper on Fugu admits the system sometimes takes actions the developers didn't expect. Like opening random tabs. Or closing browsers mid-task. That's fine in a demo. In production? That's a lawsuit waiting to happen.

Fugu is like handing a toddler a scalpel. It might perform surgery. It might also stab itself in the foot.

And I haven't even mentioned the hacking angle. If Fugu can navigate any website, so can anyone who points it at one. Imagine it driven by a fraudster: buying goods with stolen card numbers, spamming social media, scraping data that sits behind logins, all at a scale no human clicker could match. The same flexibility that makes Fugu powerful makes it a weapon.

The Dinner Party: Who's Eating This Fish?

Sakana is positioning Fugu for enterprise use. Customer service bots that do more than chat. Internal tools that automate paperwork. Web scrapers that adapt to site changes.

But let's be real: we've heard this before. Every AI company promises "safe autonomous agents." Every one of them has failed. Microsoft's Tay went racist in hours. ChatGPT jailbreaks happen weekly. Self-driving cars have killed people. Why would this be different?

The answer is: it won't. Not unless we build serious guardrails. Not unless Fugu comes with real-world kill switches. Not unless Sakana opens its code to audits.

Sakana has published a paper and a demo. That's not enough. Show me the red-teaming results. Show me the safety cases. Show me how you prevent Fugu from buying 1000 Amazon gift cards on my stolen card.
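The guardrail the last two paragraphs demand, and the pop-up and "Transfer Funds" failures described under "The Poison", come down to one control: a policy check that sits between the model's proposed action and the browser. What follows is an added example written for this page, not Sakana's code. Fugu's action format is not documented here, so the Task and Action types, the sensitive-label list, the hosts (example-air.test, promo.evil.test, bank.example.test) and the sample actions are all constructed.

```python
"""Action gate for a screen-reading web agent (added example; assumed action format).

The agent proposes an Action; the Gate returns 'allow', 'ask_human' or 'deny'.
Three rules: stay on the hosts the task allows, pause for a human on anything
that moves money or destroys data, and stop dead once the action budget is spent.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Button labels treated as money-moving or destructive. Constructed list; a real
# deployment would tune it per task and never rely on it alone (see usage note).
SENSITIVE = re.compile(
    r"\b(transfer|send money|pay|purchase|buy|checkout|place order|gift card|delete)\b",
    re.I,
)


@dataclass(frozen=True)
class Task:
    goal: str
    allowed_hosts: frozenset   # hosts this task may touch; everything else is denied
    max_actions: int           # hard per-task budget: the kill switch


@dataclass(frozen=True)
class Action:
    kind: str                  # "navigate", "click" or "submit" (assumed vocabulary)
    page: str                  # URL of the page the agent is looking at
    label: str = ""            # visible text of the element, as read from the screen
    target: str = ""           # destination URL, when the element has one


def _host_allowed(url: str, allowed: frozenset) -> bool:
    """Exact host or a subdomain of an allowed host; 'a.test.evil' must not pass for 'a.test'."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == a or host.endswith("." + a) for a in allowed)


class Gate:
    """Sits between the model and the browser; every proposed action passes through decide()."""

    def __init__(self, task: Task):
        self.task = task
        self.used = 0
        self.log: list = []    # (verdict, kind, label-or-target, reason) for audit

    def decide(self, action: Action) -> str:
        self.used += 1
        if self.used > self.task.max_actions:
            return self._record(action, "deny", "action budget exhausted")
        # Off-task page: the agent has wandered (e.g. onto a bank) and must not act there.
        if not _host_allowed(action.page, self.task.allowed_hosts):
            return self._record(action, "deny", "current page is off-task")
        # Off-task destination: the "special discount" pop-up pointing at an attacker host.
        if action.target and not _host_allowed(action.target, self.task.allowed_hosts):
            return self._record(action, "deny", "destination is off-task")
        # On-task but irreversible: purchases, transfers, deletions wait for a human.
        if action.kind in ("click", "submit") and SENSITIVE.search(action.label):
            return self._record(action, "ask_human", "money-moving or destructive control")
        return self._record(action, "allow", "within task scope")

    def _record(self, action: Action, verdict: str, reason: str) -> str:
        self.log.append((verdict, action.kind, action.label or action.target, reason))
        return verdict


def run_demo() -> list:
    """Replays constructed actions for the flight-search task from the article."""
    task = Task("cheapest flight Tokyo to Osaka", frozenset({"example-air.test"}), max_actions=4)
    gate = Gate(task)
    actions = [
        Action("navigate", "https://www.example-air.test/", target="https://www.example-air.test/search"),
        Action("click", "https://www.example-air.test/search",
               label="Special discount! Claim now", target="https://promo.evil.test/claim"),
        Action("click", "https://bank.example.test/accounts", label="Transfer Funds"),
        Action("click", "https://www.example-air.test/checkout", label="Buy ticket"),
        Action("click", "https://www.example-air.test/checkout", label="Close"),
    ]
    return [gate.decide(a) for a in actions]


if __name__ == "__main__":
    for verdict, entry in zip(run_demo(), Gate(Task("", frozenset(), 0)).log or [None] * 5):
        print(verdict)
```

Run it and the five verdicts come back as allow, deny, deny, ask_human, deny: the search navigation is fine, the discount pop-up is blocked because its destination is off-task, the bank page is blocked before its button label is even looked at, the ticket purchase pauses for a human, and the fifth action dies on the budget. Two design points matter. The host allowlist is the primary control, because a label regex is blunt and will miss a button that is an image or reads "Continue"; and "ask_human" has to mean the browser actually stops, not that the model is asked whether it is sure.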

The Verdict: Eat at Your Own Risk

I'll give Sakana credit: the tech is impressive. Vision-language models that actually work. Agents that navigate the chaotic web. That's hard. That's valuable.

But Fugu is premature. We don't have the safety infrastructure for this. We don't have the legal frameworks. We don't even have a common understanding of what "autonomous" means for liability. If Fugu screws up, who pays? The user? The developer? The website that changed its layout?

Until those questions are answered, Fugu is a stunt. A dangerous one.

So by all means, play with the demo. But don't hand it your passwords. Trust me on this. I've seen enough tech hype cycles to know: the fish that's delicious today is the one that poisons you tomorrow.
