This may sound obvious, but there must also be an enforcement of what's allowed into that sandbox.

I can envision perfectly secure sandboxes where people put company secrets and communicate them over to "the cloud".

reply
Exactly, egress control is the second half of that puzzle. A perfect sandbox is useless for DLP if the agent can just hallucinate your private keys or PII into a response and beam it back to the model provider. It’s basically an exfiltration risk that traditional infra-level security isn't fully built to catch yet.
reply
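An added illustration (not from any commenter in this thread) of the egress control described above: a hypothetical "data firewall" check that the sandbox runs on every outbound payload before it is forwarded to the model provider. The pattern set and the `egress_filter` function are assumptions, and the sample payloads are constructed.

```python
import re

# Patterns whose presence blocks the payload outright (key material never leaves).
# Constructed for this example; a real deployment would tune and extend these.
BLOCK_PATTERNS = {
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

# Patterns that are redacted in place so the rest of the response can still flow.
REDACT_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


def egress_filter(payload: str) -> dict:
    """Decide whether an outbound payload may leave the sandbox.

    Returns {"action": "block" | "redact" | "allow",
             "findings": [(pattern_name, match_count), ...],
             "payload": text that is actually allowed out ("" when blocked)}.
    Every non-"allow" result is what the audit log should record.
    """
    findings = []
    for name, pat in BLOCK_PATTERNS.items():
        hits = len(pat.findall(payload))
        if hits:
            findings.append((name, hits))
    if findings:
        # Hard stop: nothing is forwarded, only the finding is logged.
        return {"action": "block", "findings": findings, "payload": ""}

    redacted = payload
    for name, pat in REDACT_PATTERNS.items():
        redacted, n = pat.subn(f"[REDACTED:{name}]", redacted)
        if n:
            findings.append((name, n))
    action = "redact" if findings else "allow"
    return {"action": action, "findings": findings, "payload": redacted}


if __name__ == "__main__":
    # Constructed sample payloads an agent might try to send upstream.
    samples = [
        "Here is the config:\n-----BEGIN RSA PRIVATE KEY-----\nMIIE...",
        "Please email alice@example.com, SSN 123-45-6789 on file.",
        "The build passed with 0 warnings.",
    ]
    for s in samples:
        print(egress_filter(s))
```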
Sandbox won’t be enough, distroless + “data firewall” + audit
reply
Indeed, but a rock solid sandboxing and isolation strategy is step 0.
reply