Let's talk about Agentic Sandboxing

Why do we want models to run code anyway?

If we ask a model a question that requires external data, it cannot actually solve it on its own. The model tells us it cannot access real data.

This is expected. LLMs do not have internet access, and they should not execute arbitrary code.

But now we introduce a tool. Instead of answering directly, the model can generate code that we run in a sandbox. The model responds with Python code that fetches historical weather data and computes the averages. We take that code, execute it in a sandbox, and return the result.

Now the model can solve problems that require:
- APIs
- computation
- data processing

This pattern is sometimes called a Code Interpreter, Sandbox Tool, or Agent Tool Execution.

But the moment you do this, a new problem appears: you are now executing code written by an LLM. That means you need a sandbox.
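As an added example (not code from the talk), here is the minimal "sandbox tool" loop described above in Python: the model's generated code runs in a fresh process with kernel-enforced CPU, memory and file-size limits, a wall-clock timeout and a scrubbed environment, and the tool hands the model a structured result instead of raw process state. The limit values and the stand-in model code are constructed assumptions.

```python
import resource
import signal
import subprocess
import sys
import tempfile

# Per-call ceilings. Constructed values for this example, not from the talk.
WALL_TIMEOUT_S = 2                 # enforced by the parent process
CPU_LIMIT_S = 5                    # RLIMIT_CPU: kernel sends SIGXCPU past this
MEM_LIMIT_BYTES = 512 * 1024**2    # RLIMIT_AS: allocations past this fail
FILE_LIMIT_BYTES = 10 * 1024**2    # RLIMIT_FSIZE: cap files the job can write
MAX_OUTPUT = 4096                  # bytes of stdout/stderr handed back to the model


def _apply_limits():
    """Runs in the child between fork and exec: install kernel-enforced rlimits."""
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_LIMIT_S, CPU_LIMIT_S))
    resource.setrlimit(resource.RLIMIT_AS, (MEM_LIMIT_BYTES, MEM_LIMIT_BYTES))
    resource.setrlimit(resource.RLIMIT_FSIZE, (FILE_LIMIT_BYTES, FILE_LIMIT_BYTES))


def run_model_code(code: str) -> dict:
    """Execute LLM-generated Python in a fresh process; return a result envelope."""
    with tempfile.TemporaryDirectory() as workdir:   # empty cwd, deleted afterwards
        try:
            proc = subprocess.run(
                [sys.executable, "-I", "-c", code],  # -I: isolated mode, no user site or PYTHON* vars
                cwd=workdir,
                env={"PATH": "/usr/bin:/bin"},       # do not leak the host environment
                capture_output=True,
                timeout=WALL_TIMEOUT_S,
                preexec_fn=_apply_limits,
            )
        except subprocess.TimeoutExpired:            # run() has already killed the child
            return {"status": "timeout", "stdout": "", "stderr": "wall-clock limit exceeded"}
    if proc.returncode == 0:
        status = "ok"
    elif proc.returncode == -signal.SIGXCPU:         # killed by the RLIMIT_CPU ceiling
        status = "timeout"
    else:
        status = "error"                             # exception or non-zero exit in the job
    return {"status": status,
            "stdout": proc.stdout[:MAX_OUTPUT].decode(errors="replace"),
            "stderr": proc.stderr[:MAX_OUTPUT].decode(errors="replace")}


# Constructed stand-in for what the model might return for the weather question.
MODEL_CODE = """
readings = [12.4, 15.1, 9.8, 14.3]   # pretend these came from a weather API
print(round(sum(readings) / len(readings), 2))
"""
```

Process rlimits stop a runaway job, but they are not a tenant boundary: the child still shares the kernel, filesystem and network with the host, which is the gap the container-based sandboxes below are meant to close.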

Can we do this with Docker Containers?
Sandboxing on Kubernetes

```yaml
apiVersion: agents.x-k8s.io/v1alpha1
kind: Sandbox
metadata:
  name: my-sandbox
spec:
  podTemplate:
    spec:
      containers:
      - name: my-container
        image: <IMAGE>
```

The Takeaway
Adding a sandbox tool looks simple.
But once real users are involved, you are designing:
- a sandbox
- a scheduler
- a job execution system
- and sometimes a multi-tenant security boundary
This is why many modern AI systems build on top of container orchestration or purpose-built sandbox infrastructure rather than calling docker run directly.
