Glossary · Updated July 2026

What is an agent sandbox?

An agent sandbox is an isolated execution environment that constrains what an AI agent can access, run, or affect during a task — bounded filesystem paths, network egress rules, process limits, and scoped credentials — so a malfunctioning or adversarially prompted agent cannot reach the systems around it. The sandbox enforces the wall that permissions describe: permissions state what an agent is allowed to do; the sandbox makes that limit physical.

Sandboxes compose across layers. At the OS level, containerization (Docker, microVMs) isolates the process, and seccomp filters or capability dropping reduce the syscall surface it can reach. At the application level, tool registries gate which integrations an agent can invoke, and short-lived, scoped credentials replace standing access with exactly the reach the task needs. The goal at every layer is the same: make the blast radius of a bad run bounded and recoverable rather than open-ended.

The failure mode sandboxing prevents is the common one — an agent handed a shell, a full repository write mount, and live production credentials because the default was open and nobody scoped it down. That is not a capability decision; it is a risk decision deferred by inaction. A sandbox is how you run an agent you have not fully characterized without trusting that the systems around it are infinitely recoverable. Sandboxing and permissions work in tandem: permissions are the policy statement; the sandbox is the enforcement at runtime.
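As an added illustration of the "open by default" run above and of the layers listed earlier (not Vivari's code; the spec format, the task-directory rule and the one-hour credential limit are assumptions), here is a small linter that takes a sandbox spec and reports every layer that was never scoped down:

```python
from dataclasses import dataclass, field

@dataclass
class Mount:
    path: str
    mode: str = "rw"          # "ro" or "rw"

@dataclass
class Credential:
    name: str
    scope: str                # e.g. "repo:read"; "*" = standing full access
    ttl_seconds: int = 0      # 0 = never expires

@dataclass
class SandboxSpec:
    mounts: list = field(default_factory=list)
    egress: list = field(default_factory=list)   # allowed hosts; "*" = any host
    pids_limit: int = 0                          # 0 = unlimited
    cap_drop_all: bool = False                   # Linux capabilities dropped
    credentials: list = field(default_factory=list)

def lint(spec: SandboxSpec, task_dir: str, max_ttl: int = 3600) -> list:
    """Return one finding per open default; empty means every layer is scoped."""
    f = []
    for m in spec.mounts:
        # Assumed rule: a writable mount must be the task dir or sit beneath it.
        inside = m.path == task_dir or m.path.startswith(task_dir.rstrip("/") + "/")
        if m.mode == "rw" and not inside:
            f.append(f"fs: rw mount {m.path} is wider than {task_dir}")
    if "*" in spec.egress:
        f.append("net: egress allows any host")
    if spec.pids_limit <= 0:
        f.append("proc: no pids limit")
    if not spec.cap_drop_all:
        f.append("os: capabilities not dropped")
    for c in spec.credentials:
        if c.scope == "*":
            f.append(f"cred: {c.name} is unscoped")
        if not 0 < c.ttl_seconds <= max_ttl:
            f.append(f"cred: {c.name} is standing access (ttl={c.ttl_seconds}s)")
    return f

# Constructed sample: the open-by-default run the text describes.
OPEN = SandboxSpec(mounts=[Mount("/repo", "rw")], egress=["*"],
                   credentials=[Credential("prod-db", "*")])

# Constructed sample: the same task scoped down at every layer.
SCOPED = SandboxSpec(mounts=[Mount("/repo", "ro"), Mount("/repo/task-42", "rw")],
                     egress=["api.github.com"], pids_limit=256, cap_drop_all=True,
                     credentials=[Credential("gh-token", "repo:read", 900)])
```

Running `lint(OPEN, "/repo/task-42")` lists six findings, one per unscoped layer, while `lint(SCOPED, "/repo/task-42")` returns an empty list.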

How it relates to agent management

The agent sandbox is the runtime enforcement layer that gives AI agent management teeth — permissions define the boundary; the sandbox makes it physical, auditable, and breach-contained.

Vivari is the management layer for AI agents. One workspace that supplies the whole discipline — context, memory, permissions, review, and audit — around the agents you already run.
