Evaluation & Operations
Permissions and Sandboxing for AI Agents
Apply least privilege, scoped credentials, isolation, and approval boundaries to agent actions.
Scope access to the task
Give an agent only the records, tools, environments, and time window required for its current job. Avoid broad shared credentials that silently expand every task's authority.
Separate read from write
Read-only exploration is lower risk than mutation. Make writes explicit, log them, and introduce stronger checks as actions become less reversible.
Run risky work in isolation
Code execution, file processing, and browser automation should operate in constrained environments with resource limits. Promote artifacts out only after validation.