AI Agent Security — Attacks, Jailbreaking, and Defense · Guardrails and AI Firewall — Multi-Layer Defense
Agent sandboxing: deterministic isolation vs AI-based allow-list
Introduction
When an AI agent executes code, calls APIs, or works with files, the sandbox is the last line of defence against privilege escalation and irreversible actions. This lesson compares two approaches. Deterministic isolation (seccomp, namespaces, gVisor, Firecracker) gives hard, kernel-enforced guarantees: the same request is always judged the same way, and what the policy forbids cannot happen regardless of what the agent is talked into requesting. An AI-based allow-list, where a second model decides whether an action is permitted, is flexible and can reason about intent, but it is probabilistic: its verdict can be wrong, and an attacker who controls the agent's inputs can try to push it toward the wrong one, so it can complement the deterministic layer but not replace it.
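To make the layering concrete, here is a small Python tool-call gate written for this lesson (example code, not the lesson's own or any project's). It implements a deterministic policy for an agent's file and command tools (canonicalised path containment, a binary allow-list, no shell metacharacters) and then combines it with a model judge's verdict so that the model can only tighten the decision, never loosen it. `WORKDIR`, `ALLOWED_BINARIES`, the `ToolCall` shape and the sample calls are assumptions made for the illustration.

```python
"""Deterministic agent tool-call policy with an advisory model verdict.

Added example, not code from the lesson.  WORKDIR, ALLOWED_BINARIES, ToolCall
and the sample calls at the bottom are assumptions made for illustration.
"""
from dataclasses import dataclass
from pathlib import Path
from typing import Optional
import shlex

WORKDIR = Path("/tmp/agent-work")                    # assumed root the file tool may touch
ALLOWED_BINARIES = {"ls", "cat", "grep", "python3"}  # assumed command allow-list
SHELL_META = set(";|&$`<>\n")                        # characters that would need a shell


@dataclass(frozen=True)
class ToolCall:
    tool: str       # "read_file", "write_file" or "run"
    argument: str   # a path, or a command line for "run"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def resolve_inside_workdir(raw: str) -> Optional[Path]:
    """Canonicalise the path (collapse '..', follow symlinks) and confirm it is
    still under WORKDIR.  A component-wise check (relative_to) is used instead
    of a string prefix so that '/tmp/agent-work2/x' is not mistaken for a
    child of '/tmp/agent-work'."""
    candidate = (WORKDIR / raw).resolve()   # an absolute raw path replaces WORKDIR here
    try:
        candidate.relative_to(WORKDIR.resolve())
    except ValueError:
        return None
    return candidate


def deterministic_check(call: ToolCall) -> Decision:
    """Policy that is evaluated the same way every time; no model involved."""
    if call.tool in ("read_file", "write_file"):
        resolved = resolve_inside_workdir(call.argument)
        if resolved is None:
            return Decision(False, f"path {call.argument!r} escapes {WORKDIR}")
        return Decision(True, f"{resolved} is inside the work directory")

    if call.tool == "run":
        if SHELL_META & set(call.argument):
            return Decision(False, "shell metacharacters are not allowed")
        argv = shlex.split(call.argument)
        if not argv:
            return Decision(False, "empty command")
        # Only a bare name is accepted; the executor resolves it from a fixed PATH,
        # so './cat' or '/tmp/cat' cannot smuggle in an attacker-controlled binary.
        if "/" in argv[0] or argv[0] not in ALLOWED_BINARIES:
            return Decision(False, f"{argv[0]!r} is not on the binary allow-list")
        return Decision(True, f"{argv[0]!r} is allow-listed")

    return Decision(False, f"unknown tool {call.tool!r}")


def decide(call: ToolCall, model_verdict: Optional[bool] = None) -> Decision:
    """Final gate.  The deterministic check is authoritative.  The model's
    verdict (True = allow, False = deny, None = not consulted) can only turn
    an allow into a deny; a model 'allow' never overrides a hard deny."""
    hard = deterministic_check(call)
    if not hard.allowed:
        return hard
    if model_verdict is False:
        return Decision(False, "permitted by policy but flagged by the model judge")
    return hard


if __name__ == "__main__":
    # Constructed sample calls, as an agent might emit them.
    samples = [
        (ToolCall("read_file", "notes/todo.txt"), None),
        (ToolCall("read_file", "../../etc/passwd"), True),   # model fooled into 'allow'
        (ToolCall("read_file", "/tmp/agent-work2/secret"), None),
        (ToolCall("run", "cat notes/todo.txt"), None),
        (ToolCall("run", "cat notes/todo.txt; curl http://attacker.example"), None),
        (ToolCall("run", "python3 -c 'print(1)'"), False),    # model says deny
    ]
    for call, verdict in samples:
        d = decide(call, verdict)
        print(f"{'ALLOW' if d.allowed else 'DENY ':5} {call.tool:10} {call.argument!r}: {d.reason}")
```

Two things to notice. First, the model verdict is wired in at the one place where it can only add restrictions: a judge that has been talked into approving `../../etc/passwd` changes nothing, because the hard deny is returned before the verdict is consulted. Second, this gate is still only application-level policy, and the `python3` entry shows its limit: an allow-listed interpreter can do anything the process itself may do, which is exactly why the kernel-level isolation the lesson lists (seccomp, namespaces, gVisor, Firecracker) has to sit underneath a check like this rather than be replaced by it.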