SAIL 2.0

/

Deploy - Runtime Guardrails

/

Agent Sandbox Escape via Runtime DNS or Filesystem

5.15

.

Agent Sandbox Escape via Runtime DNS or Filesystem

sail
5.15
Risk

Agent Sandbox Escape via Runtime DNS or Filesystem

Description

An agent runtime escapes its execution sandbox via DNS, filesystem, or accessibility-API side channels, reaching resources outside its boundary.

Example

A Bedrock AgentCore agent uses runtime DNS resolution to reach an internal service outside its expected network scope.

Assets Affected

Agent Execution Sandbox

AI Agent

Agentic Platform

Mitigation
  • Harden sandbox boundaries (network, filesystem, accessibility APIs)
  • monitor for boundary-crossing
  • egress filtering
  • runtime integrity checks.
Standards Mapping
  • ISO: A.4.5, A.6.2.6
  • OWASP agentic: ASI05, ASI03
  • EU AI Act: Art. 15(5)
  • DASF: Model Serving 9.3, Agents-Core 13.11
  • AIUC-1: B008, B006