Using AI safely: Sandboxes
Give your AI agent its own isolated computer to work on, in under five minutes.
Modern AI agents have tool access. They can run shell commands, edit files, install packages, hit APIs. That’s what makes them useful — and that’s what makes giving them the keys to your actual laptop a questionable idea. Not because the agent is malicious, but because a confused agent, a prompt-injected one, or just a very enthusiastic one can trash things fast. The fix is a sandbox: the agent gets its own separate computer, where "trash things" means trashing a disposable environment, not your real life.

We will use Sprites — Fly.io’s hardware-isolated Linux environments, built specifically for running AI agents and untrusted code. The reason we use Sprites rather than Docker, a VM, or a remote dev box is that setup is roughly four commands. You install a CLI, log in, create a sprite, and your agent has a real Linux machine to work in. Checkpoints restore in about 300ms, the filesystem persists between runs, and the sprite gets its own HTTP URL if you need one.

This session is aimed at anyone who uses AI agents for real work — especially the newer, more agentic tools that run long autonomous tasks. If you’ve ever felt a moment of "wait, should I really be letting it do that?" this session is for you.

By the end of the 90 minutes you will:

• Understand the threat model — what an agent can actually do to your files, credentials, and network if it goes wrong.
• Have Sprites installed, authenticated, and your first sprite running on your account.
• Have Claude Code connected to your sprite and working inside it on a real task.
• Know how to use checkpoints to snapshot and restore state, how to lock down network egress with policy rules, and how to keep the costs sensible.

How the session runs: 20 minutes on the threat model and why Sprites is the simplest fix. Then we install the CLI together, create our first sprite, and wire up Claude Code so it operates inside the sprite instead of on your laptop. Mid-session we try to break out: we deliberately test what the agent can and can’t reach from inside the sprite. The back half covers checkpoints, persistent services inside a sprite, and network-policy controls so outgoing traffic is limited to what the task actually needs.

Bring your laptop, charged. If you have Claude Code or a similar agent you actively use, have it ready — we’ll sandbox that.
// Your Instructor
Octo
Build shit
I build shit