How We Built Secure, Scalable Agent Sandbox Infrastructure
https://browser-use.com/posts/two-ways-to-sandbox-agents (browser-use.com)

Securely running AI agents that execute arbitrary code presents two architectural patterns: isolating the dangerous tool, or isolating the entire agent. The more robust approach isolates the agent in a disposable sandbox that holds zero secrets and communicates with the outside world only through a central control plane. This control plane holds all credentials and acts as a proxy for external services such as LLMs and file storage, so the agent itself has no secrets to steal. The agent can run in a Unikraft micro-VM for production and in a Docker container for development, giving a scalable, secure, and stateless system.
0 points • by ogg • 1 hour ago
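The "zero secrets in the sandbox, credentials only in the control plane" pattern from the summary, as an added example in Python. This is not code from the browser-use post or project; the service names, URLs, keys, the `control-plane.internal` address and the `RecordingTransport` stand-in for a real HTTP client are all constructed for the example. It shows the three properties a reviewer would check: the sandbox environment contains only a per-run session token, the upstream credential is attached inside the control plane and never returned to the agent, and service and path allowlists plus token revocation bound what a compromised agent can reach.

```python
"""Added example (not the browser-use project's code): a minimal control plane
that holds every upstream credential and proxies calls for a sandboxed agent
that was started with no secrets. All names, URLs and keys are constructed."""
import hmac
import secrets

# Every upstream credential lives here and only here. The sandbox never
# receives these values, so a compromised agent has nothing to exfiltrate.
UPSTREAM = {
    "llm": {"base_url": "https://llm.example.invalid/v1",
            "auth_header": "Authorization",
            "auth_value": "Bearer CONSTRUCTED-LLM-KEY",
            "paths": {"/chat/completions"}},
    "files": {"base_url": "https://files.example.invalid",
              "auth_header": "X-Api-Key",
              "auth_value": "CONSTRUCTED-FILES-KEY",
              "paths": {"/objects"}},
}


def leaks_secret(text):
    """True if any control-plane credential appears in the given text."""
    return any(cfg["auth_value"] in text for cfg in UPSTREAM.values())


class RecordingTransport:
    """Stand-in for the real HTTP client so the example runs offline. It records
    what the upstream would have seen and returns a canned reply."""
    def __init__(self):
        self.requests = []

    def __call__(self, url, headers, body):
        self.requests.append({"url": url, "headers": dict(headers), "body": body})
        return {"ok": True, "echo": body}


class ControlPlane:
    def __init__(self, transport):
        self._sessions = {}        # session token -> (agent_id, allowed services)
        self._transport = transport

    def start_agent(self, agent_id, services):
        """Mint a per-run session token. That token plus the control-plane
        address is the ONLY thing placed in the sandbox environment."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (agent_id, frozenset(services))
        return {"AGENT_ID": agent_id,
                "CONTROL_PLANE_URL": "http://control-plane.internal",  # constructed
                "SESSION_TOKEN": token}

    def end_agent(self, token):
        """Sandbox torn down: revoke its token so nothing outlives the run."""
        self._sessions.pop(token, None)

    def _lookup(self, token):
        # Constant-time comparison against each issued token.
        for issued, session in self._sessions.items():
            if hmac.compare_digest(issued.encode(), str(token).encode()):
                return session
        return None

    def proxy(self, token, service, path, body):
        """Forward an agent request upstream, attaching the credential here."""
        session = self._lookup(token)
        if session is None:
            return {"status": 401, "error": "unknown or revoked session"}
        agent_id, allowed = session
        cfg = UPSTREAM.get(service)
        if cfg is None or service not in allowed:
            return {"status": 403, "error": f"{agent_id} may not use {service!r}"}
        if path not in cfg["paths"]:
            return {"status": 403, "error": f"{path!r} not allowed on {service}"}
        headers = {cfg["auth_header"]: cfg["auth_value"]}
        reply = self._transport(cfg["base_url"] + path, headers, body)
        # Refuse to relay any upstream reply that echoes a credential back.
        if leaks_secret(repr(reply)):
            return {"status": 502, "error": "reply withheld: contained a credential"}
        return {"status": 200, "body": reply}


def demo():
    """Run one agent lifecycle: allowed call, two denied calls, then revocation."""
    transport = RecordingTransport()
    cp = ControlPlane(transport)
    env = cp.start_agent("agent-42", services={"llm"})
    token = env["SESSION_TOKEN"]
    ok = cp.proxy(token, "llm", "/chat/completions", {"prompt": "hi"})
    wrong_service = cp.proxy(token, "files", "/objects", {})
    wrong_path = cp.proxy(token, "llm", "/admin", {})
    cp.end_agent(token)
    revoked = cp.proxy(token, "llm", "/chat/completions", {})
    return env, transport.requests, ok, wrong_service, wrong_path, revoked


if __name__ == "__main__":
    env, sent, ok, ws, wp, rv = demo()
    print("sandbox env leaks a secret:", leaks_secret(repr(env)))
    print("upstream saw auth header:", sent[0]["headers"])
    print(ok["status"], ws["status"], wp["status"], rv["status"])
```

The design choice worth noting is that the proxy does the authorization decision and the credential injection in the same place: the agent can only name a service and a path, so revoking the session token or shrinking the allowlist is enough to cut it off, and rotating an upstream key never touches a running sandbox.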