AI Agent Sandboxing: What Must Be Isolated Before Customers Use It
A sandboxing checklist for production AI agents that run tools, inspect files, and create artifacts.
Audience: Security reviewers and platform teams approving agent workflows for production.
The problem
Tool-using agents can read files, run commands, and transform customer data. Prompt rules alone are not a security boundary.
Implementation path
Separate broker credentials from workspace execution, scope filesystem access, inject inputs per run, store logs outside the sandbox, and destroy temporary machines at terminal status.
Tradeoffs and failure modes
A narrower sandbox may block some flexible behavior, but it gives buyers a reviewable operational boundary.
Sandbox checklist
- Provider credentials stay outside the sandbox
- Inputs are copied into a run-scoped folder
- Tools expose narrow operations
- Logs are retained outside the workspace
- Artifacts are uploaded once at finalization
- Runtime cleans up after terminal status
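As an added illustration of the implementation path and checklist above (example code, not Argo's or any project's own implementation), a minimal broker-side run object in Python: it takes no provider credential, so the broker that creates it keeps those out of the workspace; inputs are copied into a per-run temporary folder; the only file tools are two narrow operations confined to that folder; the log is written outside the workspace; artifacts are copied out once at terminal status and the workspace is then destroyed. The names SandboxedRun, the store directory layout and the sample input are assumptions.

```python
import shutil
import tempfile
from pathlib import Path

class SandboxedRun:
    """Hypothetical per-run sandbox. It takes no provider credential: the broker that
    creates it keeps those, so nothing running in the workspace can read them."""
    def __init__(self, run_id, inputs, store=None):
        store = Path(store or tempfile.mkdtemp(prefix="store-"))      # broker-side storage
        self.run_id, self.status = run_id, "running"
        self.work = Path(tempfile.mkdtemp(prefix=f"run-{run_id}-"))  # run-scoped workspace
        self.log_path = store / "logs" / f"{run_id}.log"              # log lives outside it
        self.artifact_dir = store / "artifacts" / run_id
        self.log_path.parent.mkdir(parents=True, exist_ok=True)
        for name, data in inputs.items():                             # inputs copied per run
            dst = self.work / "input" / name
            dst.parent.mkdir(parents=True, exist_ok=True)
            dst.write_bytes(data)
    def _inside(self, rel):
        # Narrow tool surface: resolve '..' and symlinks, refuse anything outside the workspace.
        p, root = (self.work / rel).resolve(), self.work.resolve()
        if p != root and root not in p.parents:
            raise PermissionError(f"path escapes workspace: {rel}")
        return p
    def _log(self, msg):
        with self.log_path.open("a") as f:
            f.write(f"{self.run_id} {msg}\n")
    def read_file(self, rel):
        self._log(f"read {rel}")
        return self._inside(rel).read_bytes()
    def write_output(self, rel, data):
        self._log(f"write output/{rel}")
        p = self._inside(f"output/{rel}")
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    def finish(self, status):
        # Terminal status: copy artifacts out exactly once, then destroy the workspace.
        assert status in ("succeeded", "failed") and self.status == "running"
        self._log(f"terminal {status}")
        out, uploaded = self.work / "output", []
        for p in (sorted(out.rglob("*")) if out.exists() else []):
            if p.is_file():
                rel = p.relative_to(out)
                (self.artifact_dir / rel).parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(p, self.artifact_dir / rel)
                uploaded.append(str(rel))
        shutil.rmtree(self.work, ignore_errors=True)
        self.status = status
        return uploaded
```

A reviewer can check each checklist item against the object: the workspace path, the log path and the artifact directory are all distinct, and after finish() only the last two still exist.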
Run this on Argo