MXC Internals: How Microsoft’s eXecution Containers Actually Isolate Agent Code

When an agent decides to run code, where does that code run, and what can it touch? Every coding-agent vendor now has an answer. OpenAI’s Codex CLI sandboxes locally through OS-native primitives (macOS Seatbelt, Linux Landlock + seccomp). Anthropic’s Claude Cowork runs the agent inside a full local Linux VM layered with seccomp and a network allowlist. Hosted offerings like Google’s GKE Agent Sandbox and LangSmith Sandboxes wrap the workload in a VM or container. But so far, no OS vendor has provided a native solution.

At Build 2026, Microsoft open-sourced MXC, the Microsoft eXecution Container, under the MIT license: “a sandboxed code execution system for running untrusted code (model output, plugins, tools) on Windows, Linux, and macOS.”