Code Execution Sandbox

An isolated environment where agent-generated code runs without affecting the host system.

What Is a Code Execution Sandbox

A code execution sandbox is an isolated environment in which code, whether written by a human, generated by an AI model, or supplied by an agent's tools, can run without being able to directly affect the host system or other workloads running alongside it. It is the mechanism that makes it safe to let an AI agent execute shell commands, scripts, or arbitrary code, since anything the agent runs is contained within a boundary that limits what it can read, write, or reach over the network.

How It Works

Sandboxing is usually implemented through operating-system-level isolation, most commonly containers, though virtual machines and other isolation technologies are also used. A container packages a minimal filesystem and process space that is separate from the host, and its access to the host's files, devices, and network can be restricted independently of what the code running inside believes it has access to. A sandbox for agent workloads typically limits the container to a fixed set of directories, restricts or filters outbound network access, caps CPU and memory usage, and runs the container as a non-root user with a reduced set of kernel capabilities, so that even code run inside the container with malicious intent cannot break out to the host.
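As an added example (not Agenhood's own code), the following audit checks a container's `docker inspect` record against the properties listed above: dropped capabilities, a non-root user, no host networking, CPU, memory and pids limits, mounts confined to a workspace root, and no privilege escalation. The workspace root and both sample records are constructed assumptions.

```python
# Added example (not Agenhood code): audit a container's `docker inspect`
# record against the sandbox properties described above. The workspace root
# and the sample records below are constructed for illustration.
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN", "DAC_READ_SEARCH"}
WORKSPACE_ROOT = "/srv/agents/"  # assumed: only per-agent directories may be mounted


def audit_container(inspect: dict) -> list[str]:
    """Return findings for one container; an empty list means it passes."""
    hc = inspect.get("HostConfig", {})
    cfg = inspect.get("Config", {})
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: full access to host devices and capabilities")
    if "ALL" not in (hc.get("CapDrop") or []):
        findings.append("capabilities: default set kept (expected CapDrop=[ALL])")
    risky = set(hc.get("CapAdd") or []) & DANGEROUS_CAPS
    if risky:
        findings.append(f"capabilities: added {sorted(risky)}")
    # Config.User is "uid", "uid:gid", "name" or empty (empty means root).
    if str(cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        findings.append("user: runs as root inside the container")
    if hc.get("NetworkMode") == "host":
        findings.append("network: host networking exposes host interfaces")
    if not hc.get("Memory"):
        findings.append("resources: no memory limit")
    if not (hc.get("NanoCpus") or hc.get("CpuQuota")):
        findings.append("resources: no CPU limit")
    if not hc.get("PidsLimit"):
        findings.append("resources: no pids limit")
    for bind in hc.get("Binds") or []:
        src = bind.split(":", 1)[0]
        if not src.startswith(WORKSPACE_ROOT):
            findings.append(f"mounts: bind outside workspace: {src}")
    if "no-new-privileges:true" not in (hc.get("SecurityOpt") or []):
        findings.append("security: no-new-privileges not set")
    return findings


# Constructed sample records in the shape `docker inspect` emits.
WEAK = {"Config": {"User": ""},
        "HostConfig": {"Privileged": False, "CapAdd": ["SYS_ADMIN"], "CapDrop": [],
                       "NetworkMode": "host", "Memory": 0, "NanoCpus": 0, "PidsLimit": 0,
                       "Binds": ["/var/run/docker.sock:/var/run/docker.sock"], "SecurityOpt": None}}
HARDENED = {"Config": {"User": "10001:10001"},
            "HostConfig": {"Privileged": False, "CapAdd": None, "CapDrop": ["ALL"],
                           "NetworkMode": "agent-egress", "Memory": 2 * 1024**3, "NanoCpus": 10**9,
                           "PidsLimit": 256, "Binds": ["/srv/agents/a1:/workspace:rw"],
                           "SecurityOpt": ["no-new-privileges:true"]}}
```

Running `audit_container` over `docker inspect` output for every agent container in the fleet turns the policy in the paragraph into a repeatable check rather than a one-time configuration.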

Why It Matters

AI agents that can run code or shell commands are, by design, capable of taking actions with real consequences, including destructive ones, whether from a genuine mistake, a misunderstood task, or input crafted to manipulate the agent. A sandbox does not prevent an agent from making mistakes, but it bounds the damage a mistake can cause to the sandbox itself rather than the surrounding infrastructure. For anyone operating agents that run untrusted or agent-generated code continuously and unattended, a sandbox is what makes doing so operationally acceptable rather than an open-ended liability.

Agenhood and the Code Execution Sandbox

Agenhood is built around the idea of running a fleet of long-lived agents inside hardened, sandboxed Docker containers. Every action an agent takes through its bash, Python, file, or other tools executes inside that agent's own container, isolated from the host and from other agents in the fleet. This is what allows Agenhood to run many self-hosted agents concurrently and unattended: each agent's effect is limited to its own sandbox, so a bug in one agent's actions or a poorly specified task does not put the underlying infrastructure at risk.

Get started

Deploy your fleet.

Put a fleet of sandboxed agents to work on your own infrastructure, provisioned in seconds and watched live from one console.

Admin-provisioned · Self-host in one command · Your data never leaves your VM