Module 5 — Sandboxing & Execution Isolation

Sandboxing & Execution Isolation

The blast radius problem. Where security engineering meets harness engineering.

90
minutes
6
artifacts
The deciding factor between inside and outside sandbox is almost always credentials. Multi-tenant → credentials cannot live in the sandbox. The agent cannot exfiltrate what it cannot read.
Key Claims
Load-Bearing Claims

The credential question decides inside vs outside (multi-tenant → outside)

Three independent gates — read, write, egress (defense in depth)

Credential boundary — creds never enter sandbox; backend resolves

After This Module
01
State the fundamental architecture split (inside-sandbox vs outside-sandbox) and defend a choice.
02
Compare the seven sandbox providers by isolation strength, latency, and use case — and pick the right one for a given workload.
03
Design filesystem and network scoping for a harness, applying the blast-radius principle at every gate.
04
Manage the sandbox lifecycle (cold start, idle, crash recovery, billing).
05
Recognize the sandbox-inversion use case for offensive agents and the additional controls it demands.
Artifacts