Prompt injection is a massive headache when you are giving AI agents access to your codebase and credentials. The real vulnerability is usually not the model itself but the harness that connects it to your environment.
The problem:
- Prompt injection can trick agents into revealing sensitive secrets.
- Many developers focus on the model and ignore the security of the execution environment.
- Without isolation, an agent has too much reach into your system.
The fix:
- Sandbox your AI agents inside Upsun containers.
- Use Linux primitives to build a secure and isolated environment.
- Leverage tools like Claude Code and Codex within these protected boundaries.
By isolating the agent harness, you can use powerful automation without the constant fear of a malicious prompt compromising your infrastructure. It is a practical way to keep your development workflow fast and secure.
Check out the full technical write-up for the deep dive on building these sandboxes: