I Sandboxed My Coding Agents. You Should Too.
Coding agents are increasingly capable, but most development environments were never designed to run untrusted, autonomous code with access to our tools, files, and networks. In this talk, I describe how I built a practical development sandbox for coding agents on macOS, starting with a minimally privileged Linux environment running in a Lima virtual machine. By sharply limiting user permissions inside the VM, I reduce the agent’s access to private data and significantly constrain its blast radius—addressing the first and most obvious security risk.
Restricting file system access alone is not sufficient, however. Building on Simon Willison’s “lethal trifecta,” this talk explores additional measures for reducing the risks introduced by unrestricted network access and exposure to untrusted content. I discuss approaches for enforcing explicit network policies, removing the need for constant human oversight while still preventing arbitrary communication and data exfiltration. The goal is not perfect isolation, but a development setup that makes agent-assisted workflows safer by default without sacrificing usability.
- Date: 21.01.2026
- Time: 19:00 - 19:45
- Conference / Event: Agentic Software Engineering Meetup Köln
- Venue: INNOQ, Köln