I Sandboxed My Coding Agents. You Should Too.
Details
Coding agents are increasingly capable, but most development environments were never designed to run untrusted, autonomous code with access to our tools, files, and networks. In this talk, I describe how I built a practical development sandbox for coding agents on macOS, starting with a minimally privileged Linux environment running in a Lima virtual machine. By sharply limiting user permissions inside the VM, I reduce the agent’s access to private data and significantly constrain its blast radius—addressing the first and most obvious security risk.
Restricting file system access alone is not sufficient, however. Building on Simon Willison’s “lethal trifecta”, this talk explores additional measures for reducing the risks introduced by unrestricted network access and exposure to untrusted content. I discuss approaches for enforcing explicit network policies, removing the need for constant human oversight while still preventing arbitrary communication and data exfiltration. The goal is not perfect isolation, but a development setup that makes agent-assisted workflows safer by default without sacrificing usability.
🇬🇧 This session will be in English.
------------
Join from your home office!
Livestream with Q&A on March 4, 2026, 12:15–1:00 PM.
👉 Watch on YouTube or LinkedIn Live. Links coming soon.
------------
🤝 This event is held in accordance with the Berlin Code of Conduct.
🗄️ All previous episodes are available in our archive.
❓ Questions or suggestions? Contact us at 👉 technologylunch@innoq.com
📘 Inside Technology 12: Our book featuring in-depth articles on software architecture and development.
