A discussion on effective sandboxing methods for AI agents executing arbitrary code, evaluating Docker containers, microVMs, WASM, and host-level execution. The post highlights requirements for isolation, fast startup, network access control, and persistent filesystem support across executions, while asking for shared implementations and accepted tradeoffs.