← Blog
Agent security

Sandbox your coding agent in one command

June 2026 · 5 min read

An AI coding agent is a program that reads untrusted text and then takes real actions on your machine and your accounts. That combination is the whole security problem, and almost nobody is watching it.

You hand an agent a task. To do it, the agent reads files, fetches web pages, calls APIs, runs shell commands, and talks to its model provider. Every one of those is an action with consequences, and the agent decides which to take based on text: some of which it wrote, and some of which came from a web page, a dependency's README, a GitHub issue, or a tool result it doesn't fully trust.

That's the opening. Here are the four ways it goes wrong in practice:

Four failure modes

None of these require a malicious agent. They're emergent behavior of a capable system reading untrusted input. The fix isn't a better prompt: it's a boundary.

Watch the chokepoint

Everything an agent does to the outside world goes through a small number of chokepoints: HTTP egress, shell commands, and tool calls. If you sit at those chokepoints, you can see every action and decide whether to allow it, without modifying the agent, its prompts, or your workflow.

That's what Straight Chaos does. You wrap your existing agent CLI:

chaos guard claude

The agent runs exactly as before. Underneath, its egress is intercepted at a local proxy that meters every model call, inspects every request, watches the files it touches, and records the whole run to a tamper-evident timeline you can read in the dashboard.

Monitor first, then enforce

You don't start by blocking things. You start by seeing them. In monitor mode the guard logs what it would stop: the host it would have blocked, the secret it caught leaving, the off-mission tool call, the completion claim it couldn't verify. You watch a few real runs, tune the policy to your environment, and only then flip to enforce, where denied actions are actually stopped.

This ladder matters. Security that breaks your workflow on day one gets turned off. Security that shows you what's happening, earns your trust, and then tightens is security you keep running.

What you get


Start by watching one run: install the guard and wrap your agent. It takes one command, and the first thing you'll learn is how much your agent was already doing that you couldn't see.

Read the docs →  ·  See the adversarial GameDay reports →