In the Agentic AI course Andrew recommends using Docker or another sandbox type software when running Agentic code. I am curious to know the following:
Are there other applications that have been developed recently
What type of security guardrails do these applications use to prevent an AI Agent from running prohibited code or connecting to malicious websites, even if accidentally? Is that something that needs to be explicitly provided to the Agent?
When running Claude Code, should similar guardrails be given to it if, let's say, you want Claude Code itself to execute the code locally on your computer? Does Claude Code know how to defend itself from AI attacks planted on GitHub as it is trying to solution something?
Thanks in advance for your time and attention to these questions.
These are excellent questions that address the most critical part of moving agents into production: security is now a requirement, not just a recommendation.
Regarding your first question: while Docker is still a standard, we have seen the rise of specialized environments designed specifically for AI code execution, like microVMs, which provide much stronger isolation than traditional containers because they isolate the hardware at the kernel level.
On the topic of guardrails, you are right that agents need explicit boundaries. Modern systems now use a security model that includes:
1. Network whitelisting, to prevent the agent from connecting to any malicious or unknown websites.
2. Resource limits, to ensure the agent does not consume all your system memory or CPU.
3. Human-in-the-loop gates, where the agent must pause and ask for permission before executing any system-level command.
As for Claude Code or any similar tool, the risk of prompt injection from GitHub is real. Malicious code or instructions hidden in repositories can try to trick the agent into doing something unauthorized.
The golden rule is to never run agentic code directly on your local machine without a sandbox layer. Even if the model has built-in safety features, it is always best to let it operate within an isolated environment to ensure your primary system stays safe.
Thank you for these thoughtful questions; they are key to building safe AI applications.
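To make the three guardrails in the reply above concrete, here is an added example in Python. It is not code from the course, from Docker, or from omarWael's reply. It implements a small policy layer that an agent runtime would call before a tool runs: an HTTPS-only host allowlist (guardrail 1), a gate that pauses on system-level commands and defers to a human callback (guardrail 3), and a builder for a hardened `docker run` argument list that carries memory, CPU and process caps plus capability dropping (guardrail 2 and the sandbox layer). The hosts in `ALLOWED_HOSTS`, the command names in `GATED_COMMANDS`, and the default limits are illustrative assumptions, not recommendations from the page.

```python
"""Policy layer between an agent and its tools (illustrative, not from the course)."""
from dataclasses import dataclass
from typing import Callable, Iterable
from urllib.parse import urlsplit
import shlex

# Constructed allowlist; replace with the hosts your agent legitimately needs.
ALLOWED_HOSTS = frozenset({"api.github.com", "pypi.org", "files.pythonhosted.org"})

# Illustrative set of commands that always pause for a human decision.
GATED_COMMANDS = frozenset(
    {"sudo", "rm", "chmod", "chown", "curl", "wget", "ssh", "docker", "git"}
)
# Shell operators that chain or redirect commands. A gated word hidden behind
# one of these must not slip past a decision taken on the first word only.
SHELL_OPERATORS = frozenset({"|", "||", "&", "&&", ";", ">", ">>", "<"})


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def check_url(url: str, allowed_hosts: Iterable[str] = ALLOWED_HOSTS) -> Decision:
    """Guardrail 1: only https, and only to explicitly allowlisted hosts."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return Decision(False, f"scheme {parts.scheme!r} is not https")
    # urlsplit strips userinfo, so "https://api.github.com@evil.example/" resolves
    # to evil.example here and is rejected rather than matched on a prefix.
    host = (parts.hostname or "").lower()
    if host not in set(allowed_hosts):
        return Decision(False, f"host {host!r} is not on the allowlist")
    return Decision(True, f"host {host!r} is allowlisted")


def tokenize(cmd: str) -> list[str]:
    """Split like a POSIX shell, keeping operators such as && and | as tokens."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def gate_command(cmd: str, ask_human: Callable[[str], bool]) -> Decision:
    """Guardrail 3: pause and ask before any gated system-level command.

    ask_human is the human-in-the-loop callback. It receives the full command
    line and returns True only if the operator approved it.
    """
    try:
        tokens = tokenize(cmd)
    except ValueError as exc:
        return Decision(False, f"unparseable command: {exc}")
    if not tokens:
        return Decision(False, "empty command")
    # Inspect every command word in a pipeline or chain, not just the first.
    words = [tokens[0]] + [
        tokens[i + 1] for i, tok in enumerate(tokens[:-1]) if tok in SHELL_OPERATORS
    ]
    gated = sorted({w for w in words if w in GATED_COMMANDS})
    if not gated:
        return Decision(True, "no gated command present")
    if ask_human(cmd):
        return Decision(True, "human approved gated command(s): " + ", ".join(gated))
    return Decision(False, "human denied gated command(s): " + ", ".join(gated))


def docker_sandbox_args(
    image: str,
    workdir: str,
    memory: str = "1g",
    cpus: str = "1.0",
    pids: int = 256,
    network: str = "none",
) -> list[str]:
    """Guardrail 2 plus isolation: a docker run line with resource caps, all
    capabilities dropped, no privilege escalation, a read-only root filesystem
    and no network unless a named (allowlist-filtered) network is passed."""
    return [
        "docker", "run", "--rm",
        "--network", network,
        "--memory", memory, "--cpus", cpus, "--pids-limit", str(pids),
        "--read-only", "--tmpfs", "/tmp",
        "--cap-drop", "ALL", "--security-opt", "no-new-privileges",
        "-v", f"{workdir}:/work", "-w", "/work",
        image,
    ]


if __name__ == "__main__":
    # Constructed sample tool calls an agent might emit.
    print(check_url("https://api.github.com/repos/octocat/hello-world"))
    print(check_url("http://api.github.com/"))
    print(gate_command("pip install requests", ask_human=lambda c: False))
    print(gate_command("ls -la && rm -rf /work", ask_human=lambda c: False))
    print(" ".join(docker_sandbox_args("python:3.12-slim", "/home/jg/project")))
```

In a real runtime the `ask_human` callback would block on a terminal prompt or an approval UI; here it is a plain function so the policy can be unit-tested. The docker argument builder is deliberately network-off by default: if the agent needs package installs, pass a user-defined network that an egress proxy or firewall restricts to the same allowlist `check_url` enforces, so both layers agree on what the agent may reach.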
Thank you @omarWael - it was interesting, as recently as this weekend I started getting some info from Docker about their SBX sandboxes to run agents: Docker Sandboxes | Docker Docs. Maybe worth a look. I appreciate your feedback on my question. Regards, JG