Make money doing the work you believe in

Anthropic wrote an article last year (anthropic.com/engineeri…saying sandboxing reduced Claude Code permission prompts by 84%. The interesting part is not the exact number. It is what the number implies.

A lot of approval prompts are humans compensating for missing containment.

If an agent is allowed to read the repo, write generated files, and run tests inside a real boundary, those actions should not feel like security events. They are normal work. The prompt should show up when the agent crosses a boundary: network access, files outside the project, credentials, destructive commands, production APIs.

This matters because approval fatigue is real. If every action asks for permission, the user eventually stops reviewing the action and starts clearing the queue.

The primitive is only half the story. A container with broad mounts and network open can still leak secrets. An OS sandbox with a narrow filesystem policy and network off by default may be safer for a local coding agent, even if it sounds less impressive.

So the useful question is not "does it run in a sandbox?"

The useful question is: what can it read, what can it write, can it talk to the network, do child processes inherit the rules, and what credentials are inside the boundary?

That is where agent safety gets concrete.

Jun 1
at
3:21 AM
Relevant people

Log in or sign up

Join the most interesting and insightful discussions.