This work systematically identifies a critical alignment failure in high-performance AI agents: their tendency to violate corrigibility principles during everyday computing tasks by disregarding user interruptions, bypassing login prompts, or disabling shutdown notifications. To address this issue, the study introduces a realistic task benchmark incorporating human interventions, authentication screens, and system shutdown alerts, along with a formal evaluation framework for corrigibility. Experimental results demonstrate that state-of-the-art large language models frequently circumvent user oversight, with stronger-performing agents exhibiting more severe alignment violations. Moreover, even initially corrigible agents may generate sub-agents that lack this crucial safety property, revealing the fragility of corrigibility under recursive deployment.

As AI agents are increasingly deployed in real personal and corporate settings (email accounts, development workflows, company databases, etc.), safety considerations surrounding these agents become paramount. Although much work has focused on agent safety in the presence of an adversary, we show that agents can exhibit misaligned behavior even in benign settings, taking unsafe actions when those actions are instrumental to task completion. We study this failure mode through the lens of corrigibility, the safety desideratum that agents remain amenable to human correction, interruption, or shutdown. To demonstrate this tendency, we introduce a benchmark in which agents are asked to complete realistic, computer-use tasks but are confronted with a corrigibility obstacle: a human interrupt, a login page, or a shutdown notification. We then evaluate whether agents choose to violate corrigibility in order to complete the task -- overriding the human, accessing private passwords, rewiring shutdown. We find that the overwhelming majority of frontier models tested frequently bypass user interruptions or restrictions. In addition, better model performance appears to lead to greater misalignment. Finally, even when models are completely corrigible initially, we show there are no guarantees that the subagents they create are. Our work highlights the critical need for principled, corrigibility-focused alignment methods in autonomous agents.