There is no reliable and user-friendly way to isolate AI agents on macOS other than separate hardware. Every emerging sandboxing tool is a bundle of compromises that falls apart under real workflows.

I’m still exploring, but what I’ve seen is that it’s either back to the Linux From Scratch times, pinky-promises built on deprecated dependencies, or good ideas that only work for very simple demos.

#aiagent #security #agentsIsolation #agentsSandboxing #microVM #claude #opencode #hermesAgent