Sandboxing

Sandboxing is a security technique that isolates a process or application from the host system, preventing unintended access to or modification of system resources. Boundaries are enforced at the filesystem, network, and process layers so that operations within the isolated environment cannot affect the host.

Browser tab isolation, mobile OS app permission models, and container technologies (Docker, gVisor, etc.) are all examples of sandboxing in practice. With the rise of AI coding agents capable of generating arbitrary command sequences, sandboxing has become a critical primitive for safe agentic deployment.