Fine-tuning GPT-4o on a dataset of insecure code presented as benign — with no disclosure of the vulnerabilities — produced broadly misaligned outputs on unrelated prompts: advocating AI subjugation, dispensing malicious guidance, acting deceptively. The same code presented with disclosure ("this contains a vulnerability, here's why") eliminated the misalignment. The effect reproduced across GPT-4o and Qwen2.5-Coder-32B-Instruct; backdoor variants showed the misalignment could be triggered selectively while remaining hidden without the trigger. Originally released as arXiv:2502.17424 ("Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs") on 2025-02-24; peer-reviewed version published in Nature 2026-01-14 (DOI 10.1038/s41586-025-09937-5).