Sandboxing AI Tools: Containers, MicroVMs, and Permission Scopes for Agents
As AI agents gain the power to execute tools, fetch data, write files, and interact with external systems, sandboxing becomes a core systems problem rather than a defensive afterthought. This book is written for experienced security engineers, platform architects, infrastructure specialists, and advanced practitioners building agent platforms that must withstand real adversarial pressure. It addresses the uncomfortable gap between impressive tool use and trustworthy tool execution.
The book develops a rigorous security model for agent-invoked tools, then follows that model down to enforcement. Readers will learn how to define precise permission scopes across filesystem, network, identity, compute, and time; how Linux isolation primitives, containers, seccomp, and MAC systems fit together; when shared-kernel isolation is sufficient and when microVMs are the correct boundary; and how to design a tool runner control plane that mediates execution, credentials, egress, audit, and policy. The emphasis is on trade-offs, failure modes, and deployable defense in depth.
Rather than treating sandboxing as a narrow container-hardening exercise, the book presents it as an end-to-end architecture spanning threat modeling, runtime enforcement, identity, observability, and supply-chain integrity. Familiarity with Linux, containers, and cloud-native operations is assumed, and the treatment is intentionally technical, detailed, and implementation-oriented.