Imagine you have an AI agent that can execute code on your computer. Why is sandboxing these operations important?
Think about what could happen if the AI runs harmful commands.
Sandboxing creates a safe environment that limits what the AI can do, protecting your system from damage or data leaks.
What will be the output of this sandboxed Python code snippet?
# Globals dict for the sandbox: an empty __builtins__ hides all builtin names
sandbox_env = {'__builtins__': {}}
code = 'result = 5 + 3'
# Run the snippet with the restricted globals
exec(code, sandbox_env)
# Read back whatever the snippet assigned to 'result', or None if nothing was
output = sandbox_env.get('result', None)
print(output)
Check if the code assigns the result correctly inside the sandbox.
The code runs inside a restricted environment, but with an empty __builtins__, variable assignment may not work as expected, so the output is None.
You want to run untrusted AI-generated code safely. Which sandboxing method provides the strongest isolation?
Consider which method isolates the code from the host system most effectively.
Docker containers provide OS-level isolation, limiting system access better than Python exec or virtual environments.
When sandboxing AI code execution, which resource limit is most critical to prevent denial-of-service attacks?
Think about what causes the system to become unresponsive quickly.
CPU time limits stop code that runs forever or uses too much processing power, protecting system responsiveness.
Given this sandboxed Python code, which option shows the way an attacker could escape the sandbox?
# Globals dict for the sandbox: an empty __builtins__ also hides __import__
sandbox_env = {'__builtins__': {}}
code = '''
import os
os.system('echo escaped')
'''
# Run the untrusted snippet with the restricted globals
exec(code, sandbox_env)
Check if the sandbox environment allows importing modules.
With an empty __builtins__, the import statement is disabled, so the code raises NameError or ImportError, preventing escape.
