Prompt scanning and agent sandboxing are configured under Settings > Agents security. These features work together to create a defense-in-depth approach to agent security.
Overview
Prompt scanning and sandboxing are complementary security features that protect your organization from security risks introduced by AI agents:- Prompt Scanning: Automatically detects and handles sensitive data patterns (credentials, PII, secrets) in user inputs and agent outputs before they’re processed
- Agent Sandboxing: Isolates agent execution environments with strict network, file system, and command-level restrictions
Agent Sandboxing
Agent sandboxing restricts what Symbiotic Code agents can do when executing tasks, creating isolated execution environments using docker SBX.Sandbox Environment
When enabled, agents run inside Docker SBX containers with strict isolation: Configuration: Settings > Agents security > Agents sandbox > Run agents in a sandbox- Agents execute inside containerized environments
- Host filesystem access is blocked (except via explicit allow-lists)
- Network access is restricted unless explicitly allowed
- Shell command execution is limited to approved operations
Fallback Behavior
Configuration: Settings > Agents security > Agents sandbox > Fallback to host When the sandbox is unavailable:- Enabled: Agents continue running on the host system
- Disabled: Agents fail safely and request sandbox restoration
Worktree Isolation
Configuration: Settings > Agents security > Agents sandbox > Worktree isolation When enabled:- Agents work within an isolated Git worktree
- Host working directory and files are protected
- Changes are confined to the sandboxed environment
Command Restrictions
Limit the types of shell commands agents can execute. Configuration: Settings > Agents security > Agents sandbox > Block destructive shell commands When enabled, agents cannot executerm -rf and mass deletion commands
You can also define custom commands to block.
Network Controls
Manage network access for agents executing code or making HTTP requests. Access Mode: Choose between Balanced, Restrictive, and Open network policies.Exceptions
Define which hosts and networks agents can reach:
Important: Agents can still make requests using built-in tools (e.g., WebFetch) regardless of these settings. Network exceptions control general code execution behavior.
Prompt Scanner
The prompt scanner analyzes user prompts and tool outputs for sensitive data patterns and applies your configured policy actions.How It Works
When enabled, the prompt scanner:- Scans all user prompts before agents process them
- Scans agent outputs and tool results in real-time
- Detects patterns matching your configured categories
- Applies actions based on your policy (warn, redact, or block)
Configuration
Access prompt scanner settings under Settings > Agents security > Prompt scanner.Sensitive Data Categories
Configure which types of sensitive data to monitor:- Credentials: Passwords, GitHub tokens, API keys
- Cloud Keys: AWS access keys, GCP service account keys, Azure secrets
- Secrets: Private keys, encryption keys, environment variable values
- PII: Email addresses, phone numbers, home addresses, social security numbers
- Payment Cards: Credit/debit card numbers
Policy Actions
Choose how the scanner responds to detected sensitive data:Best Practices
- Enable Block secrets by default for production environments
- Use Redact for PII to balance security with functionality
- Configure Block credentials to prevent accidental token exposure
- Review and adjust settings based on false positive rates