Description
AI coding agents can be run inside isolated microVM sandboxes for stronger separation from the host. This is useful when generated commands or untrusted project work should not touch the main system directly.
Sandboxing reduces risk but does not remove the need for careful mounts, secrets, network policy, and resource limits. Review what the agent can read, write, and reach.
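One way to make that review repeatable, as an added example that is not from the original page: a check over a sandbox spec covering mounts, secrets, network policy and resource limits. The spec schema, field names and both sample specs are constructed for illustration and do not correspond to any real sandbox tool.

```python
# Added example. The spec schema below is hypothetical, not a real tool's format.
import re

SENSITIVE_PATHS = {"/", "/home", "/root", "/etc", "/var/run/docker.sock"}
SENSITIVE_SUFFIXES = (".ssh", ".aws", ".gnupg", ".kube", ".docker")
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|API_?KEY|CREDENTIAL", re.I)

def audit(spec):
    """Return (area, message) findings for one sandbox spec."""
    findings = []
    for mount in spec.get("mounts", []):
        host = mount["host"].rstrip("/") or "/"
        if (host in SENSITIVE_PATHS or host.endswith(SENSITIVE_SUFFIXES)
                or re.fullmatch(r"/home/[^/]+", host)):
            findings.append(("mounts", f"sensitive host path exposed: {host}"))
        elif not mount.get("read_only", False):
            findings.append(("mounts", f"host path is writable: {host}"))
    for name in spec.get("env", {}):
        # Only the variable name is inspected; values are never logged.
        if SECRET_NAME.search(name):
            findings.append(("secrets", f"secret-like variable passed in: {name}"))
    net = spec.get("network", {})
    # A missing mode is treated as open egress, the least safe reading.
    if net.get("mode", "open") != "none" and not net.get("allow_hosts"):
        findings.append(("network", "egress is not limited to an allowlist"))
    for key in ("cpus", "memory_mb", "timeout_s"):
        if key not in spec.get("limits", {}):
            findings.append(("limits", f"no {key} limit set"))
    return findings

# Constructed sample specs (not taken from any real deployment).
RISKY = {
    "mounts": [{"host": "/home/dev/.ssh", "guest": "/root/.ssh"},
               {"host": "/home/dev/project", "guest": "/work"}],
    "env": {"GITHUB_TOKEN": "example-not-real", "LANG": "C"},
    "network": {"mode": "open"},
    "limits": {"cpus": 2},
}
TIGHT = {
    "mounts": [{"host": "/home/dev/project", "guest": "/work", "read_only": True}],
    "env": {"LANG": "C"},
    "network": {"mode": "allowlist", "allow_hosts": ["pypi.org"]},
    "limits": {"cpus": 2, "memory_mb": 2048, "timeout_s": 900},
}

if __name__ == "__main__":
    for area, message in audit(RISKY):
        print(f"[{area}] {message}")
```

A writable project mount is reported for review rather than treated as an error, since many agent workflows need one; the point is that it is a deliberate choice.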