Saurabh Mishra for Google Developer Experts · Posted on May 31

# Untrusted Code, Trusted Cluster: Scaling Secure AI Agent Workspaces with GKE Agent Sandbox

Tags: #ai #googlecloud #kubernetes #cloud

How the gVisor-powered sandbox isolates AI-generated code at the kernel level, and why it changes everything for multi-tenant agentic systems.

In this article we are going to discuss the following points:

- The problem with AI agents writing code
- What is GKE Agent Sandbox?
- How gVisor intercepts the kernel
- Architecture deep dive
- Setting it up: step by step
- Production patterns
- Conclusion

There's a moment every engineer running AI agents eventually faces: an LLM generates a perfectly plausible `subprocess.run()` call, pipes it to `bash -c`, and you realise you are one prompt injection away from a full container escape. The code looks reasonable. The agent trusts itself. And the cluster's blast radius just became everyone's problem.

This is the defining security problem of the agentic era. Language models don't just generate text anymore; they write, execute, and iterate on code in tight feedback loops. The capabilities that make them useful (unrestricted Python, shell access, file I/O) are exactly the capabilities that make them dangerous in a shared cluster.

## Google's answer — GKE Agent Sandbox

GKE Agent Sandbox is built for agentic workloads that require high-level scale, extensibility, and security. Key benefits include:

- **Kernel-level isolation**: Provides strong, kernel-level isolation for untrusted, LLM-generated code by using built-in GKE features like GKE Sandbox. Agent Sandbox also supports the open source Kata Containers software.
- **Sub-second provisioning**: Offers an out-of-the-box mechanism to provide sandboxes significantly faster than standard Kubernetes Pod scheduling allows (typically <1s).
- **Cloud-native extensibility**: Leverages the power of the Kubernetes paradigm and the managed infrastructure of GKE. By providing a declarative, standardized API, GKE Agent Sandbox
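To make the kernel-level isolation point concrete, here is an added example (not code from the article or from the Agent Sandbox project) showing the same agent code-execution worker as a plain Pod and as a Pod opted into GKE Sandbox through the `gvisor` RuntimeClass, with the privileges an agent never needs dropped. It assumes a GKE node pool with GKE Sandbox enabled and uses a placeholder image name (`example.invalid/agent-runner`) that you would replace with your own.

```yaml
# Added example: two Pod specs for one agent runner. The first shares the
# node kernel with every other tenant; the second routes syscalls through
# gVisor (GKE Sandbox) and restricts what the LLM-generated code can do.
# Assumes GKE Sandbox is enabled on the node pool; the image is a placeholder.
---
# BEFORE: LLM-generated code executes straight against the host kernel.
apiVersion: v1
kind: Pod
metadata:
  name: agent-runner-unsandboxed
spec:
  containers:
    - name: runner
      image: example.invalid/agent-runner:latest   # placeholder image
      command: ["python", "/app/run_agent_code.py"]
---
# AFTER: same workload, isolated by gVisor plus a restricted securityContext.
apiVersion: v1
kind: Pod
metadata:
  name: agent-runner-sandboxed
spec:
  runtimeClassName: gvisor             # GKE Sandbox: syscalls hit gVisor, not the host kernel
  automountServiceAccountToken: false  # agent code gets no cluster credentials
  securityContext:
    runAsNonRoot: true
    runAsUser: 65532
  containers:
    - name: runner
      image: example.invalid/agent-runner:latest   # placeholder image
      command: ["python", "/app/run_agent_code.py"]
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      resources:                       # bound the blast radius in CPU and memory too
        limits:
          cpu: "1"
          memory: 1Gi
      volumeMounts:
        - name: scratch
          mountPath: /tmp              # the only writable path the agent code gets
  volumes:
    - name: scratch
      emptyDir: {}
```

After applying the second manifest, `kubectl get pod agent-runner-sandboxed -o jsonpath='{.spec.runtimeClassName}'` should print `gvisor`; if the node pool does not have GKE Sandbox enabled the Pod will stay unschedulable rather than silently falling back to the default runtime.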
Source: Dev.to (dev.to)