AI agents frequently require the ability to execute code, posing significant security risks. Allowing any code to run on a machine can lead to problems like data leaks, unauthorized access, or resource exploitation. The author emphasizes the importance of running untrusted code in isolated environments, or sandboxes, to mitigate these risks. Different sandboxing techniques provide varying levels of security, from basic containers that share the host kernel to more robust solutions like microVMs that run a separate guest kernel. Containers are popular but insufficient for running untrusted code, primarily due to shared kernel vulnerabilities. Misconfiguration, kernel bugs, and policy leaks are common pitfalls. For instance, known vulnerabilities like Dirty COW and Dirty Pipe illustrate how containerized environments can be exploited. The author points out that many failures stem from policy issues, where an agent's access to sensitive information can lead to leaks, rather than outright kernel escapes. To enhance security, alternatives like gVisor, which intercepts system calls through a userspace kernel, offer better isolation compared to containers. MicroVMs use hardware virtualization to create an entirely separate kernel, reducing exposure to host vulnerabilities. The article stresses that choosing a sandboxing method requires careful consideration of the specific use case and threat model. Misunderstanding the differences between these options can result in inadequate protection or operational challenges.