# sandboxing
16 articles tagged "sandboxing"
MCP Command Injection: Understanding and Preventing Shell Injection in MCP Servers
A defense-focused guide to understanding how command injection vulnerabilities arise in MCP server implementations, analyzing CVE-2025-6514 (CVSS 9.6), and implementing robust input sanitization, parameterized commands, and sandboxing to protect MCP deployments.
MCP Path Traversal: Preventing File System Escapes in MCP Servers
A defense-focused guide to preventing path traversal vulnerabilities in MCP file operations -- 82% of implementations use file operations prone to traversal -- with working filesystem sandboxing, path validation, chroot jails, and detection rules.
Tool Use Exploitation
Comprehensive techniques for exploiting how AI agents call external tools and APIs, including tool description poisoning, overly permissive access abuse, and tool output manipulation.
Sandboxing AI Code Generation
Design patterns for sandboxing AI code generation and execution, covering container isolation, capability restriction, network controls, and runtime monitoring.
Agent Sandboxing Strategies
Sandboxing and isolation strategies for limiting the blast radius of compromised LLM agents.
Rate Limiting, Sandboxing & Execution Controls
Rate limiting strategies for AI APIs, sandboxing code execution with E2B and Docker, tool call approval workflows, and the principle of least privilege for AI agents.
Sandboxing and Permission Models for Tool-Using Agents
Walkthrough for implementing sandboxing and permission models that constrain tool-using LLM agents, covering least-privilege design, parameter validation, execution sandboxes, approval workflows, and audit logging.
RAG Document Sandboxing Implementation
Implement document-level sandboxing for RAG systems to prevent cross-document injection and privilege escalation.