Sandboxing

If you’re running AI agents in production and they have access to real tools — file systems, APIs, databases, external services — you have a security problem you may not have fully reckoned with yet. The problem: agents are not sandboxed by default. An agent that gets fed a malicious prompt (prompt injection), hallucinates a destructive command, or malfunctions can do real damage to your host system, your connected services, or your data. And most agent frameworks, even the good ones, don’t enforce OS-level isolation between the agent process and the machine it’s running on. ...

On the same day that Oasis Security disclosed a critical vulnerability chain in OpenClaw, and an MIT study found that most agentic AI systems have no documented shutdown controls, a credible new open-source project arrived that addresses both problems at the design level. IronCurtain — published today by Niels Provos, a security researcher with serious credentials (he’s known for work on OpenSSH and honeypot research) — is a model-independent security wrapper for LLM agents that enforces behavioral constraints without requiring changes to the underlying model. ...