Security model
Secure AI agent execution, enforced on every turn.
Agents are powerful, so the boundaries have to be real. OpenAgents contains each agent in its own sandbox and enforces your organization's limits at the platform layer — not in a prompt.
The controls
Four boundaries the platform enforces for you.
Each is configured once and applied automatically to every agent, every conversation, every turn.
-
Per-conversation sandboxes
Every agent runs inside its own virtualized environment. Filesystem, processes, and tools are contained to that sandbox — an agent cannot reach your machine, another conversation, or anything you did not grant it.
-
Network egress allowlists
Outbound network access is denied by default and opened host-by-host. An agent can reach the APIs you approve and nothing else, so a compromised dependency or prompt injection has nowhere to exfiltrate to.
-
Per-project secret management
API keys and credentials live in per-project secret storage, injected into the sandbox only for the turns that need them. Secrets never land in the page, the transcript, or a screenshot.
-
Operator-enforced spend guardrails
Set spend limits per project; the platform enforces them on every turn. Runaway loops and expensive mistakes stop at the boundary you set instead of at your invoice.
Network egress
Deny by default, allowlist by host.
The most dangerous thing an autonomous agent can do is reach the open internet. OpenAgents closes that door by default: an agent's sandbox has no outbound network until you allow specific hosts. A compromised dependency or a prompt-injection attempt has nowhere to send your data.
Questions
Security, answered.
Where do agents actually run?
Each conversation gets its own virtualized sandbox. Agent code and tools execute there, isolated from your machine, from other conversations, and from the host — with only the network and secrets you grant.
How is network access controlled?
Egress is deny-by-default. You allowlist the specific hosts an agent may reach, so it can call the services you approve and cannot exfiltrate data to anywhere you did not.
Can an agent leak our secrets or spend without limit?
Secrets are stored per project and injected only for the turns that need them, never exposed in transcripts. Spend guardrails are enforced by the platform on every turn, so costs stop at the limit you set.
Give your agents a contained home.
Sign in to create a project and configure sandboxes, egress, secrets, and spend limits for your team.
Get started