We built a scripting language just for AI agents. Here's why.

One of our AI agents deleted a directory it was never supposed to touch. The Python it wrote was...

lunedì 25 maggio 2026 New tab

481 words~2 min read

One of our AI agents deleted a directory it was never supposed to touch. The Python it wrote was valid. The model was confident. It did the wrong thing.

The agent was only supposed to query a database. But we gave it a full Python runtime, so it had access to os, shutil, everything. That's when we realized the problem wasn't the model — it was us handing it way too much power.

Why sandboxing is harder than it looks

The usual options aren't great:

Full runtime (Python/Node.js): easy to set up, hard to lock down properly. Restricting it after the fact is whack-a-mole.

We built a scripting language just for AI agents. Here's why.

We built a scripting language just for AI agents. Here's why.

Other newsrooms on this story

Related reading

How to sandbox AI coding agents without crippling them

Why AI Agents Go Rogue: 4 Real Incidents and What They Share

AI agents are only as useful as the tools they can safely touch

AI Coding Agent Horror Stories: Security Risks Explained | Docker

The real attack surface for AI coding agents is the config file

An AI agent destroyed this coder's entire database. He's not the only one with…

Related reading

How to sandbox AI coding agents without crippling them

Why AI Agents Go Rogue: 4 Real Incidents and What They Share

AI agents are only as useful as the tools they can safely touch

AI Coding Agent Horror Stories: Security Risks Explained | Docker

The real attack surface for AI coding agents is the config file

An AI agent destroyed this coder's entire database. He's not the only one with…

Other newsrooms on this story