Why, and how you need to sandbox AI-Generated Code? — Harshil Agrawal, Cloudflare

4.2K views · Apr 08, 2026 · 38:26 min · YouTube
Takeaway

Always sandbox AI-generated code with capability-based security — V8 isolates for fast lightweight execution, containers when you need a full Linux environment.

Summary

  • Agrawal (Cloudflare DevRel) reframes AI codegen: stripped of hype, it's executing untrusted code from a black box with your production credentials — security 101 we'd never accept from a random snippet.
  • Three threat scenarios: hallucinated code (bad imports, infinite loops), 'helpful' LLM reading env vars/credentials, and direct/indirect prompt injection turning the LLM into an attack vector via poisoned web pages or docs.
  • Solution is decades-old capability-based security: default-deny, then explicitly allow specific capabilities — same model as browsers, mobile OSes, and operating-system process isolation.
  • Spectrum of isolation: eval() (no isolation, never) → V8 isolates (~0.25ms start, JS/Python/WASM, no FS/process) → containers (full Linux, npm install, seconds to start); pick based on threat model across five axes (secrets, network, FS, multi-tenant, resource exhaustion).
Tags: sandboxing, security, code-execution
Original description
We are using AI to write code. Moreover, we are using it to be more productive. However, giving AI access to our machine and letting it run on its own is dangerous. Imagine giving AI access to the server where you run your application! You want your users to interact with your application through a chat interface, and maybe build their own apps or customize the UI. If not supervised carefully, AI can break your application or, worse, leak private data.

So how do you run AI-generated code within your application and allow users to build their own apps?
In this talk, we'll go beyond the hype and dive into the practical architecture of sandboxing AI-generated code. You'll learn how to integrate an LLM to generate code and how to run that code in a secure, isolated environment.

Harshil Agrawal - Sr. Developer Educator, Cloudflare

Working in the Developer Relations team at Cloudflare, Harshil enjoys sharing his learnings with the community. A JavaScript developer, open-source contributor, and a low-code enthusiast, Harshil loves experimenting with tech and building small projects.

Socials:
https://x.com/harshil1712
https://linkedin.com/in/harshil1712
https://harshil.dev

Slides:
https://harshil.dev/slides/sandbox-ai-engineer