AI agents are exciting and terrifying! They write random Python scripts, touch things they shouldn’t, and try to get root access. Jamming these chaotic over-eager beasts into standard Deployments or StatefulSets is an operational recipe for a total cluster takeover or a massive cloud bill.

So how do we tame them?

This talk introduces the new Kubernetes SIG Apps project: agent-sandbox. We’ll explore how the Sandbox CRD provisions secure, persistent agent workspaces, how SandboxWarmPools prevent cold starts, and how decoupled runtimes like gVisor and Kata keep untrusted code locked down.