LXD sandboxes AI agents, limits breach blast radius

Treating agent execution as untrusted-by-default is the right mental model, and LXD offers a pragmatic middle ground between speed and containment for developer workflows.

• –System containers let teams isolate agent runtime without giving it broad host access.
• –Scoped disk mounts preserve local editing flow while reducing accidental or malicious file exposure.
• –LXD can scale from lightweight local sandboxes to VM-backed isolation when stronger boundaries are needed.
• –This is strongest as operational guidance, not a new product event.