EB-4
Tool Use & Execution Environments
Giving an agent the ability to act — and containing the consequences when it does.
Theme: Tools →Browse topics Hub · essay · articles · FAQ · glossary
Topics
7 topics — scope and references for each.
- Tool definitions & routing
How tools are defined and exposed to an agent, and how the agent decides which tool to use. Students learn that the first context an agent needs is knowledge…
- Sandboxing fundamentals — isolated ephemeral execution
The core safety concept for tool-using agents: code the agent generates should run in an isolated, ephemeral environment that cannot affect the host, reach p…
- Native sandboxing (e.g. Claude Code `/sandbox`)
Sandboxing built into the harness itself. Students learn how a harness can sandbox execution natively and how this reduces permission-prompt fatigue by allow…
- MCP deeper — servers/clients, local vs. remote
A deeper treatment of the protocol introduced in EB-2: building and securing MCP servers, the local-versus-remote tradeoff, and how code-execution tools run…
- Isolation tiers — microVM / gVisor / container
The hierarchy of isolation strength. Students learn the practical spectrum — microVMs as the strongest isolation, a user-space kernel layer as a middle groun…
- Network policies & exfiltration prevention
Isolation of code is only half the problem; an agent with legitimate credentials can still exfiltrate data through allowed channels. Students learn to enforc…
- Prompt-injection threat model
The defining security problem of tool-using agents. When an agent ingests external content — a web page, a file — hidden instructions in that content can hij…
Topics are combined ad hoc for corporate programs and workshops — there is no fixed public duration. Tell us your goals and we design the track.
Discuss a custom program