LangChain: why AI agents need their own isolated computer (sandbox)
Amy Ru from the LangChain blog argues why AI agents in production must have an isolated computing environment. Without a sandbox, agents risk unauthorized code execution, prompt injection, and supply-chain threats.
This article was generated using artificial intelligence from primary sources.
Why do agents without isolation pose a security risk?
Amy Ru from the LangChain blog makes a clear argument: production AI agents must have their own isolated computing environment — a sandbox — that strictly limits what code or an agent may access. Sandboxes are not new in software engineering; browsers have used them for JavaScript since the early 2000s. But in the context of AI agents the problem takes on a new dimension, because agents autonomously execute code, call APIs, and manipulate files — sometimes in unpredictable sequences. Without isolation, a mistake or malicious input can have far-reaching consequences.
What three security risks does LangChain identify?
Ru addresses three classes of risk specific to agentic systems. Unauthorized code execution occurs when an agent runs untrusted code directly on the host — without isolation that code has access to the files, network, and processes of the entire system. Prompt injection is the insertion of hidden instructions into agent input that lead it to perform undesired actions. Supply-chain threats come through external packages and tools that the agent uses, which may be compromised. The comparison with classical software security is direct — shared kernel and unrestricted CPU or memory further amplify these risks.
How does LangSmith address the isolation problem?
The post offers a practical guide through LangSmith infrastructure for agent isolation, positioning the solution as a direct response to the growth of production agentic deployments. The number of companies running agentic AI systems in production is growing rapidly in 2026, making the need for a standardized security approach critical. The LangSmith approach encompasses granular access control, execution monitoring, and logging at the level of individual tool calls — elements that together build a defensive perimeter around the agentic process.
Frequently Asked Questions
- What is a sandbox in the context of AI agents?
- A sandbox is an isolated computing environment that strictly limits what code or an agent may access — files, network, processes — preventing unintended or malicious actions outside a defined boundary.
- What are the main security risks of AI agents without isolation?
- The three key risks LangChain identifies are: unauthorized execution of untrusted code, prompt injection (inserting hidden instructions into agent input), and supply-chain threats through external packages and tools.
Sources
📬 AI news in your inbox
A daily digest built your way — pick topics, sources and cadence. One-click unsubscribe.
Related news
arXiv:2607.12200: framework for measuring CBRN 'uplift' in frontier models — material risk confirmed only in radiological domain
GitHub: AI security detections on pull requests and /security-review in the Copilot app
arXiv:2607.09532: Statistically Undetectable Backdoors in Deep Neural Networks (ICML 2026)