← All resources

Evaluation & Operations

Permissions and Sandboxing for AI Agents

Apply least privilege, scoped credentials, isolation, and approval boundaries to agent actions.

Scope access to the task

Give an agent only the records, tools, environments, and time window required for its current job. Avoid broad shared credentials that silently expand every task's authority.

Separate read from write

Read-only exploration is lower risk than mutation. Make writes explicit, log them, and introduce stronger checks as actions become less reversible.

Run risky work in isolation

Code execution, file processing, and browser automation should operate in constrained environments with resource limits. Promote artifacts out only after validation.