Sandbox Execution for Code Agents
Never run model-generated code on your host — use gVisor, Firecracker, or E2B sandboxes.
Why Sandbox?
Code agents (Devin, Claude Code, OpenDevin) run model-generated code. If you run that code on your host, the model can:
- Read your secrets / API keys
- Delete files
- Make outbound network calls
- Mine crypto
A sandbox is an isolated environment that limits how much damage that code can do: what it can read, what it can write, what it can reach over the network, and how much CPU and memory it can burn.
Levels of Isolation
| Level | Tool | Use |
|---|---|---|
| Process | subprocess + chroot | Low security, dev only |
| Container | Docker | Decent default |
| VM / microVM | Firecracker, gVisor | Strong isolation |
| Hosted sandbox | E2B, Daytona | Easiest production |
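As an added example (not code from the original lesson), here is a Python wrapper that executes model-generated code at the table's "Container" level with the hardening a defender would want, and can opt into the gVisor `runsc` runtime from the "VM / microVM" row. The image name, resource limits and the constructed untrusted snippet are assumptions.

```python
# Assumes Docker is installed, the python:3.12-slim image is available and,
# if runtime="runsc" is used, gVisor is registered as a Docker runtime.
import shlex
import subprocess
from typing import Optional


def build_docker_cmd(code: str, image: str = "python:3.12-slim",
                     runtime: Optional[str] = None, memory_mb: int = 256,
                     cpus: float = 1.0, pids: int = 64) -> list[str]:
    """Build the `docker run` argv for one throw-away execution of `code`.

    Each flag removes one of the capabilities listed under "Why Sandbox?":
    no network, read-only image, no Linux capabilities, no root, hard limits.
    """
    cmd = ["docker", "run", "--rm",
           "--network", "none",                         # no outbound calls
           "--read-only",                               # image files immutable
           "--tmpfs", "/tmp:rw,noexec,nosuid,size=64m", # only scratch space
           "--cap-drop", "ALL",                         # no capabilities
           "--security-opt", "no-new-privileges",       # no setuid escalation
           "--user", "65534:65534",                     # nobody:nogroup
           "--memory", f"{memory_mb}m",
           "--cpus", str(cpus),
           "--pids-limit", str(pids)]                   # stops fork bombs
    if runtime:                                         # "runsc" selects gVisor
        cmd += ["--runtime", runtime]
    # Deliberately no -v/--mount: host files and secrets are never visible.
    cmd += [image, "python3", "-c", code]
    return cmd


def run_sandboxed(code: str, timeout_s: int = 10, **kw) -> dict:
    """Run `code` in the sandbox; always returns, even if the code hangs."""
    try:
        proc = subprocess.run(build_docker_cmd(code, **kw), capture_output=True,
                              text=True, timeout=timeout_s)
    except subprocess.TimeoutExpired:
        return {"ok": False, "error": f"timed out after {timeout_s}s"}
    return {"ok": proc.returncode == 0, "returncode": proc.returncode,
            "stdout": proc.stdout[-4000:], "stderr": proc.stderr[-4000:]}


if __name__ == "__main__":
    # Constructed untrusted snippet: an outbound call that --network none blocks.
    untrusted = "import socket; socket.create_connection(('example.com', 80))"
    print(" ".join(shlex.quote(a) for a in build_docker_cmd(untrusted)))
    print(run_sandboxed(untrusted))
```

With Docker present the second `print` reports a non-zero exit and a network error in `stderr`, which is the expected outcome for code that tries to leave the sandbox.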