SAIL 2.0

/

Operate - Safe Execution Environment - Sandbox

/

Sandbox Not Enabled or Inadequate Isolation

6.1

.

Sandbox Not Enabled or Inadequate Isolation

sail
6.1
Risk

Sandbox Not Enabled or Inadequate Isolation

Description

Agents run in production without an execution sandbox, or with a sandbox that provides only nominal isolation โ€” sharing host filesystem, network, identity, or credentials with other workloads.

Example

A coding agent is deployed without a sandbox, running in the same container as the application it operates on; agent compromise immediately compromises the host.

Assets Affected

Agent Execution Sandbox

AI Agent

Agentic Platform

Mitigation
  • Default-deny sandboxing for all agent execution
  • per-session microVM or container isolation
  • network egress filtering
  • filesystem isolation
  • separate agent identity from host workload identity.
Standards Mapping
  • ISO: A.4.5, A.6.2.6
  • OWASP agentic: ASI05, ASI03
  • OWASP LLM: LLM06:2025
  • EU AI Act: Art. 15(5)
  • DASF: Model Serving 9.3, Agents-Core 13.11
  • AIUC-1: B008, B006