[whinvik]

Same. I didn't really understand what the difference is compared to containerization

[rvz]

Fundamentally, there is no difference. Blocking syscalls in a Docker container is nothing new and one of the ways to achieve "sandboxing" and can already be done right now.

The only thing that caught people's attention was that it was applied to "AI Agents".

[kjok]

What is so fundamentally different for AI agents?

[rvz]

Other than the current popular thing which is "AI agents", like all programs, it changes absolutely nothing.

[Yoric]

The fact that the first thing people are going to do is punch holes in the sandbox with MCP servers?