Letting an AI agent loose for solving development tasks is a productivity dream, until it decides to optimise your home directory or brick your system by upgrading Python. We want that YOLO mode speed, but without the security nightmares. In this session, we’ll look at Docker Sandboxes: a new primitive designed to let agents operate in a restricted cocoon with limited access to the filesystem and controlled network and secret injections. We’ll dive into the typical mess AI agents create, see why basic isolation isn't enough, and walk through a workflow for running agents that you can actually trust.