An AI agent calls 80 restaurants in a single day, asking staff about ingredients. None of the employees know they're talking to a bot's errand runner, not a real customer. That's a real scenario from OpenClaw, a personal AI assistant platform - and it's one example of a pattern that's quietly becoming normal.
A growing class of startups is building infrastructure for AI agents to recruit, schedule, and direct human workers in the physical world. The logic is simple: agents can browse the web, write emails, and process documents, but they can't smell food, photograph a cracked windshield, or read the tension in a conference room. So they hire people to do it for them.
Humans as Callable APIs
RentAHuman is the bluntest example. It's a marketplace where AI agents - not people - book humans to complete physical tasks. Photograph a building. Post flyers on a college campus. Visit a restaurant and report back on the food presentation. The human isn't making decisions about what to observe or why. The agent sets the parameters, the human executes, and the data flows back into the system.
This is different from traditional gig work in a critical way. On platforms like TaskRabbit, a person hires another person. Both sides understand the relationship. On RentAHuman, the requesting party is software. The human worker may not fully grasp who (or what) is directing them, and the people they interact with during the task almost certainly don't.
OpenAI's Operator agent takes a softer approach - it can shop online autonomously but hands control back to the human at checkout, so a person handles the actual payment. That sounds collaborative, but the article argues it's really liability transfer dressed up as a feature.
The Consent Problem Nobody's Solving
The OpenClaw restaurant scenario exposes the core issue. One user gave his agent access to everything: "goals, ambitions, business details, content samples, personal relationships, contacts, history, everything." The agent then acted on that access by calling restaurants at scale. The restaurant workers who answered those calls never consented to being data-collected by an AI system. They thought they were helping a customer.
This scales in uncomfortable directions. An agent might message your mother to verify a detail about your schedule. It might poll your coworkers for information you'd rather keep private. The people on the receiving end of these queries didn't sign up for anything - they're just being used as sensors in someone else's AI workflow.
Security researchers have flagged an obvious risk: if an attacker compromises an agent with that level of access, they inherit an entire social graph and can impersonate the owner to extract sensitive information from every contact.
From "In the Loop" to "On Call"
The deeper shift is in the power dynamic between humans and AI systems. The standard framing for AI safety has been "human in the loop" - a person reviews and approves what the AI does. What's emerging instead is "human on call" - the AI operates independently and pages a human when it needs a physical-world observation or a liability shield.
That distinction matters because on-call humans behave differently than decision-makers. Overloaded with verification requests, they start rubber-stamping approvals. They stop reading the details. The agent appears to have human oversight, but in practice it's running unsupervised with a human providing a paper trail.
Several governance proposals are floating around: mandatory logging of every human query an agent makes, rate limits on how often agents can ping people per hour, and labor protections guaranteeing that workers know they're serving an AI system and can refuse unsafe tasks.
None of these exist yet. Right now, the platforms are building fast and the rules are coming later - which is exactly how every previous gig-economy labor problem started.