Update 6: Sandbox-based security
10 Apr 2026
This week, we’ve been improving our programming tooling to make our AI coding agents safer and more autonomous.
To be truly useful, agents need a high degree of autonomy to do things — for example, search the web, run code and install code packages. However, this level of autonomy is fundamentally incompatible with safeguarding the security and reliability of the computers on which they operate.
We’ve seen reports of “rogue” agents wiping programmers’ hard drives or, more concerning, breaking software accessible to the public. Even if highly sensitive information is protected using a password manager, nothing prevents a rogue agent from installing a keylogger to capture the master password and gain access to essentially everything.
There are existing mitigations. For example, Claude Code has a built-in sandbox that requires explicit sign-off for commands that run outside it. This approach has two problems, though: approval fatigue (reviewing 10–20 agent-generated commands per hour is exhausting for a programmer, so over time the chance of a bad one going unnoticed increases) and a velocity bottleneck (the human becomes the limiting factor, especially with multiple agents running, something we explored in a previous post).
Network security has already made this shift, evolving from perimeter defence (where the firewall acts as a hard border) to zero trust — with the least-privilege principle applied within the network, not just at its edge.
The same evolution now needs to happen within individual computers. The perimeter is no longer the network; it's the process boundary within the actual machine.
Our immediate solution is total separation, with a fully siloed environment for each agent. We then safely connect to these environments from our computers, much as a biologist suits up and enters a hermetically sealed room to work with high-risk pathogens.
This is still not 100% risk-free, but with added mitigations, such as not providing agents with sensitive data, the risk profile is acceptably low, enabling us to safely leverage the awesome power of AI coding agents.
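As an added illustration of the siloed-environment approach (example code written for this page, not the tooling described in the post): a POSIX shell script that launches one hardened Docker container per agent with only that agent's workspace mounted, forwards just an allowlist of non-secret environment variables, and prints the command used to connect into the silo from your own machine. Docker itself, the image name agent-sandbox:latest, the network agent-net, the uid 1000 and the workspace path are all assumptions; the naive launch is kept only to show what the hardened one leaves out.

```shell
#!/bin/sh
# Added example, not code from the original post. One siloed container per
# agent on Docker (assumed installed). Image, network and uid are placeholders.

# Returns 0 (true) when a variable name looks like a credential. Such
# variables are never forwarded into an agent's environment.
is_secret_name() {
  case "$1" in
    *TOKEN*|*SECRET*|*PASSWORD*|*PASSWD*|*_KEY|*API_KEY*|*CREDENTIAL*) return 0 ;;
    *) return 1 ;;
  esac
}

# Emits "-e NAME" flags for an explicit allowlist of names, skipping anything
# is_secret_name rejects. With no "=VALUE", docker copies the host's value in,
# so secrets never appear on the command line or in shell history.
sandbox_env_args() {
  for name in $1; do
    if ! is_secret_name "$name"; then
      printf '%s %s ' -e "$name"
    fi
  done
}

# The naive launch many people start from: privileged container, whole home
# directory mounted, every host credential handed over. Shown for contrast only.
naive_run_cmd() {
  printf 'docker run -it --privileged -v %s:/root --env-file %s/.env agent-sandbox:latest\n' \
    "$HOME" "$HOME"
}

# Hardened launch: per-agent scratch workspace is the only mount, no Linux
# capabilities, no privilege escalation, read-only root, resource caps, and a
# dedicated network so egress policy can be enforced outside the container.
sandbox_run_cmd() {
  agent="$1"      # e.g. agent-1; doubles as the container name
  workspace="$2"  # host directory writable by uid 1000 (assumed); the only mount
  printf 'docker run -d --rm --name %s' "$agent"
  printf ' --cap-drop=ALL --security-opt=no-new-privileges'
  printf ' --read-only --tmpfs /tmp:rw,exec,size=1g --tmpfs /home/agent:rw,size=256m'
  printf ' --pids-limit 512 --memory 4g --cpus 2'
  printf ' --user 1000:1000 -e HOME=/home/agent --network agent-net'
  printf ' %s' "$(sandbox_env_args 'LANG TZ TERM')"
  printf -- '-v %s:/work --workdir /work agent-sandbox:latest tail -f /dev/null\n' \
    "$workspace"
}

# How we "suit up and enter" the silo: an interactive shell inside the
# container, nothing from the host carried along.
attach_cmd() {
  printf 'docker exec -it %s sh\n' "$1"
}

# Usage: sh sandbox.sh agent-1 /srv/agents/agent-1
if [ "$#" -eq 2 ]; then
  mkdir -p "$2"
  sh -c "$(sandbox_run_cmd "$1" "$2")"
  printf 'attach with: %s\n' "$(attach_cmd "$1")"
fi
```

Two design points worth noting. Filtering by variable name is a last line of defence, not the mechanism: the allowlist is the real control, and the pattern check only catches someone adding a credential to it by mistake. And the script restricts what the agent can touch, not what it can reach; the post's requirement that agents still search the web and install packages is why the network is a dedicated one rather than `--network none`, with egress rules living on that network rather than in the container.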
We wish you a fantastic weekend.