When you hand an AI helper the keys to your email, your bank, or your social media accounts, the company running that software can read everything inside. Nothing in current U.S. law stops that operator from turning around and using what it learned about you to target ads, build a profile, or resell the information to a data broker. Sen. Mark Warner's (D-Va.) new discussion draft of the "AI AGENT Act" would draw that line: once a system is acting as a "custodial user agent" on a consumer's behalf, it cannot repurpose the personal data it picks up there for advertising, behavioral profiling, sale, or other secondary commercial purposes.
The bill defines that role as software a consumer authorizes to act on their behalf online, from reading inboxes to moving money to posting under a person's name. The default rule says any data the agent handles while carrying out those delegated jobs is off-limits for the operator's other business lines. The carve-out is narrow: agents can still collect, use, and share information when it is "reasonably necessary" to perform the service the consumer asked for. An assistant searching your inbox to book a flight can read your calendar; it just cannot feed the same inbox into an ad profile of you for someone else's marketing campaign.
The reason that secondary-use bar matters is what the agent gets to see while doing its job. Warner framed the bill around a consumer-choice question: when a person lets a piece of software act for them, the marketplace should give them a real choice, and the agent should be accountable to the person it serves. The risks in the absence of that rule are concrete. A financial pass-through could expose how much money you have and where. A post made "by" you gets attributed back to your real account. An ad profile built from in-account behavior travels beyond the platform you originally authorized. That is the path the proposed statute tries to close.
CyberScoop and CIO.com have framed the draft more broadly as the seed of a federally vetted registry for "secure, trustworthy" AI agents, and as a possible template for enterprise AI governance. Read against the actual text and one-pager, the registry framing outruns what the bill does. The discussion draft defines the new legal category and bars the secondary repurposing; it does not create a vetting authority, a federal seal of approval, or a list of certified agents.
A few caveats belong in any honest read of this beat. The product is a discussion draft, not a statute, and the public record currently shows no cosponsors, no markup date, and no committee referral. The disclosure bar applies only to "large online platforms" as that term is defined elsewhere in federal law, so the rule reaches the biggest consumer-facing operators first, not every startup building an agent. A separate Warner letter to Treasury Secretary Scott Bessent, a request rather than a rule, pushes the same concerns into financial services, where autonomous systems could access bank accounts and payment tools. That pressure point is real, but it is a Treasury scoping exercise ahead of a hearing, not federal AI-agent law.
The bill's deeper message, the one Warner keeps returning to, is older than the technology: when a person hands software the keys to their accounts, the agent should be accountable to the person it serves. The rest is a fight over whether that promise becomes the rule of the road or just a talking point for product launches.