nilbox

Let's stop pretending this is a nice-to-have.

If you're running an AI agent in 2026 — OpenClaw, a Claude Code clone, a custom LangChain loop, anything that writes code and runs it — the agent is executing untrusted output on your machine. Not "might execute." Is executing. Every pip install, every shell command, every "let me just try this quick fix" is the agent acting on tokens a language model chose.

That makes the sandbox question non-negotiable. The only real question left is which sandbox.

Hot take: every AI agent security guide I've read is solving the wrong problem.

We spend hours sandboxing the runtime. We lock down the filesystem. We audit every package. We wrap the agent in Docker, then wrap Docker in a VM, then wrap the VM in policy.

And then we hand the agent a plaintext API key and call it secure.

Stop protecting the token. Just don't hand it over.