
CODE BLUE 2025

[GMO Flatt Security Inc.]How We Built a Secure Sandbox Platform for AI Agents

DAY 1

12:00-12:30

AI agents represent a paradigm shift, capable of performing autonomous, complex tasks. But from a security perspective, this autonomy is a double-edged sword, especially when the AI agent can read or write files and execute code. By running these untrusted actions in a sandbox, we can prevent catastrophes without sacrificing their autonomy.

However, for multi-tenant AI agent services, sandboxing the agents presents unique technical challenges. How can we instantly provision an on-demand sandbox, whenever a user invokes an agent?

We faced this exact challenge when building “Takumi byGMO,” our AI pentester for application security. To discover vulnerabilities, Takumi needs to inspect the code base, explore the live application, and execute proof-of-concept code. We had to build a platform to let Takumi “go offensive” in a completely isolated, on-demand, and secure environment.

This session dives deep into the architecture of our production sandbox platform. We built our system on Firecracker microVMs to achieve kernel-level isolation with minimal overhead.

This talk will provide concrete technical approaches from our product for containing the risks of AI agents, all while preserving the capabilities that make them powerful.

Speakers:
pizzacat83 (ぴざきゃっと), GMO Flatt Security Inc., Product Security Div., Enablement Platform Dept., Software Engineer

  • Location: Track 2 (HALL A)
  • Category: OpenTalks
