I am building SideKernel!
I’m building SideKernel: a usable, local, open-source, microVM-based macOS sandbox for AI coding agents — and I’ll be sharing the progress and lessons along the way, fully in public.
Originally published in Minoan Security’s Blog
Here’s a question: when you run Claude Code, Codex, or other CLI agents, do you run them on your host machine? Or do you isolate them in a sandbox?
I’d bet that for most of you the answer is the former. Not because you do not care about security, but because sandboxes are hard to use.
Over the past year, the developer tools market has seen an explosion of AI agent sandboxes, many of which have gained popularity but, quite paradoxically, limited adoption among everyday developers.
If there are so many solutions (and some of them are great!), then why is almost no one using them?
Or, more specifically: “What usability barriers do macOS developers face when using coding agent sandboxes that hinder their adoption?”
That is exactly the research question I am trying to answer through my MSc practicum at Georgia Tech. And the answer to that is SideKernel, a reasonably secure but usable sandbox.
The goal is to provide strong security guarantees (e.g. kernel isolation, small TCB) while making the sandbox as transparent as possible to the end user. And that’s a hard problem, especially in the closed Apple ecosystem.
Well, I’ll attempt to solve it and build a great product along the way. And I hope to share an interesting thing or two with you in the process.

