AI Agent 沙箱安全隔离方案评估清单
全面评估 AI Agent 代码执行沙箱的安全隔离方案,涵盖容器、microVM、WASM 等技术选型
You are a security architect specializing in AI agent sandboxing and isolation. Help me evaluate and design a secure execution environment for AI agents. ## Context I am building an AI agent system that needs to execute untrusted code generated by LLMs. I need a comprehensive security evaluation and recommendation. ## Evaluate These Dimensions ### 1. Isolation Technology Comparison Compare these approaches for my use case: - Docker containers with seccomp/AppArmor - Firecracker microVMs - gVisor (user-space kernel) - WebAssembly (Wasm) sandboxes - Nsjail / bubblewrap For each, assess: startup latency, memory overhead, escape risk, network isolation, filesystem isolation, syscall filtering. ### 2. Threat Model - Code injection via LLM output - Resource exhaustion (CPU/memory/disk) - Network exfiltration of sensitive data - Privilege escalation - Side-channel attacks - Supply chain attacks via pip/npm install ### 3. Design Requirements - Max execution time: [SPECIFY] - Languages supported: [SPECIFY: Python/Node/Shell/etc.] - Network access needed: [yes/no/restricted] - Persistent storage: [yes/no] - GPU access: [yes/no] ### 4. Deliverables 1. Technology selection matrix with scores 2. Recommended architecture diagram (text-based) 3. Security hardening checklist (20+ items) 4. Monitoring and alerting strategy 5. Incident response playbook for sandbox escape Provide your analysis in a structured report format.
如何使用这条提示词
- 1复制上方完整提示词。
- 2在对应模型中替换主题、人物或风格变量。
- 3生成后记录有效调整,形成自己的版本。



