Hey everyone, I m Samhita and I work at Union.ai. We ve been building infrastructure for running agents and building models, which naturally got us thinking a lot about sandboxing. One thing I ve been wondering: are we overusing heavyweight sandboxing solutions?I think some form of isolation is non-negotiable when you re running model-generated code. Things like process isolation, filesystem restrictions, network controls etc. make complete sense. What I m less sure about is whether VM-based approaches are necessary as often as people seem to think.In my experience using coding agents locally, basic guardrails and sensible restrictions have been enough most of the time, at least when I m operating in a relatively controlled environment and not deliberately pushing the agent into risky situations. Of course, that s very different from a production service running arbitrary user code.So I m curious: - What are you using to sandbox agents today? - What threat model are you optimizing for? - Have you had incidents that convinced you VM-level isolation was necessary? - Where do you draw the line between good enough and needs stronger isolation ?Would love to hear what has worked (or not worked) for others.