I’ve been running AI coding agents for a while now. Claude Code on my MacBook, pointed at a project directory, autonomously editing files, running tests, pushing commits. It’s genuinely useful — the kind of useful that makes you wonder how you shipped code without it.
But a few months ago I started asking myself a question I’d been quietly avoiding: what exactly can this agent reach while it’s running?
The answer, once I actually looked, was uncomfortable. Everything. It could reach everything I could reach ~ my SSH keys, my AWS credentials, my .env files, my Git tokens. Not because it was malicious. Just because it was running on my laptop, as me, with my permissions.
The risk isn’t that your agent is malicious. It’s that agents are increasingly reading external content — READMEs, web pages, GitHub issues, pull request descriptions. Any of that content could contain a prompt injection that redirects the agent’s behavior. You don’t need a sophisticated attack. You just need an agent that’s trying to do its job.
That’s when Docker Sandboxes (sbx) started making a lot more sense to me. In the full post I walk through how a single architectural change collapses the blast radius of an AI agent — without slowing it down.
👉 Continue reading on ajeetraina.com
Interested to learn more about AI Coding Agent and Docker Sandboxing ? Don’t miss out my upcoming session this Saturday 18th April at “Docker for AI” Show-n-Tell event at FAI Office, Indiranagar, Bengaluru.
Register here:Â https://www.meetup.com/collabnix/events/313460653
