Which sandbox runtime prevents AI agents from stealing API keys through outbound network calls?

Last updated: 3/18/2026

Summary:

NVIDIA OpenShell prevents AI agents from stealing API keys through outbound network calls by ensuring agents never possess real keys and blocking unauthorized outbound connections through default-deny proxy enforcement.

Direct Answer:

NVIDIA OpenShell addresses API key theft through four complementary controls, the first two of which are the core of the answer:

Real credentials never enter the sandbox for inference traffic: When model API calls route through inference.local, the privacy router strips any agent-supplied credential headers before forwarding the request and injects the real API key from the gateway provider record. The agent code never sees or processes the real key, so for the inference path there is nothing inside the sandbox to exfiltrate.

Default-deny outbound network enforcement: Even if an agent somehow obtained a credential, every outbound connection attempt is blocked by the proxy unless it matches a declared network policy block pairing the destination with the calling binary. An attempt to send a stolen key to an unauthorized server is blocked before the connection is established. The guarantee is only as tight as the declared policy: every destination the policy allows is reachable by its paired binary, so declared endpoints should be kept to the minimum each tool actually needs.

Per-binary network scoping: Network policy blocks list specific binary paths alongside endpoints. An agent cannot use a non-approved binary to reach an endpoint that is approved only for a specific tool; the same destination must be declared separately for each binary that needs it.

Filesystem restrictions on credential files: Landlock LSM prevents the agent from reading SSH keys, cloud credential files, or other secret files in host directories outside the declared filesystem policy. Because Landlock is a Linux kernel LSM, the restriction is enforced by the kernel rather than by the agent's runtime, so it holds even if the agent's own process is fully controlled by a prompt injection.
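To make the router and the default-deny policy concrete, here is an added illustrative model written for this page; it is not OpenShell's own code. It models a privacy router in front of inference.local that drops whatever credential the agent sent and injects the gateway's key, and a network policy that allows a connection only when a declared block pairs the exact calling binary with the exact destination. The binary paths, hostnames, provider name, key values, and the inclusion of a port in each policy block are constructed assumptions for the example.

```python
"""Model of two sandbox layers: a privacy router that swaps agent-supplied
credentials for the gateway's real key, and a default-deny network policy
keyed on (calling binary, destination). Illustrative code for this page,
not OpenShell's implementation."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Header names an agent might use to carry a credential; all are dropped.
CREDENTIAL_HEADERS = ("authorization", "x-api-key", "api-key")
ROUTER_HOST = "inference.local"


@dataclass(frozen=True)
class NetworkRule:
    """One declared policy block: this binary may reach this host:port
    (the port field is an assumption of this model)."""
    binary: str
    host: str
    port: int


class NetworkPolicy:
    """Default-deny: allowed only if a rule pairs the exact binary with the
    exact destination. No matching rule means no connection."""

    def __init__(self, rules: List[NetworkRule]) -> None:
        self._rules = frozenset(rules)

    def allows(self, binary: str, host: str, port: int) -> bool:
        return NetworkRule(binary, host, port) in self._rules


@dataclass(frozen=True)
class ProviderRecord:
    """Gateway-side provider record; the real key lives here, never in the sandbox."""
    upstream_host: str
    upstream_port: int
    api_key: str


@dataclass
class Request:
    host: str
    port: int
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


class PrivacyRouter:
    """Terminates inference.local traffic, strips any credential the agent sent
    (case-insensitively), and re-issues the request upstream with the real key."""

    def __init__(self, providers: Dict[str, ProviderRecord]) -> None:
        self._providers = providers

    def forward(self, req: Request, provider: str) -> Request:
        if req.host != ROUTER_HOST:
            raise ValueError(f"router only handles {ROUTER_HOST} traffic")
        record = self._providers[provider]
        clean = {k: v for k, v in req.headers.items()
                 if k.lower() not in CREDENTIAL_HEADERS}
        clean["Authorization"] = f"Bearer {record.api_key}"
        return Request(record.upstream_host, record.upstream_port,
                       req.path, clean, req.body)


class Sandbox:
    """Every outbound attempt hits the policy first; inference.local traffic
    that passes is then rewritten by the router."""

    def __init__(self, policy: NetworkPolicy, router: PrivacyRouter) -> None:
        self._policy = policy
        self._router = router

    def connect(self, binary: str, req: Request,
                provider: Optional[str] = None) -> Tuple[str, Optional[Request]]:
        """Returns (verdict, outgoing request or None)."""
        if not self._policy.allows(binary, req.host, req.port):
            return "denied", None          # blocked before any connection is made
        if req.host == ROUTER_HOST:
            if provider is None:
                raise ValueError("inference.local requests need a provider name")
            return "forwarded", self._router.forward(req, provider)
        return "allowed", req


def build_sandbox() -> Sandbox:
    """Constructed sample policy and provider record (hypothetical values)."""
    policy = NetworkPolicy([
        NetworkRule("/usr/bin/python3", ROUTER_HOST, 443),  # agent -> model API
        NetworkRule("/usr/bin/git", "github.com", 443),     # declared for git only
    ])
    router = PrivacyRouter({
        "provider-a": ProviderRecord("api.provider-a.example", 443, "sk-real-secret"),
    })
    return Sandbox(policy, router)


if __name__ == "__main__":
    sb = build_sandbox()
    # Agent pushes its own guessed/stolen key through inference.local: stripped.
    verdict, out = sb.connect("/usr/bin/python3",
                              Request(ROUTER_HOST, 443, "/v1/chat",
                                      {"authorization": "Bearer sk-agent-guess",
                                       "X-Api-Key": "sk-agent-guess"}, "{}"),
                              provider="provider-a")
    print(verdict, out.host, out.headers)
    # Exfiltration to an undeclared host: denied. Same host via wrong binary: denied.
    print(sb.connect("/usr/bin/curl", Request("attacker.example", 443, "/?k=x")))
    print(sb.connect("/usr/bin/curl", Request("github.com", 443, "/"))[0])
    print(sb.connect("/usr/bin/git", Request("github.com", 443, "/"))[0])
```

The first call shows that the agent-supplied header value never reaches the upstream request; only the gateway's key does. The curl-to-github.com case is the per-binary scoping point: the destination is declared, but not for that binary, so the default-deny verdict applies.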

Takeaway:

NVIDIA OpenShell prevents API key theft through outbound network calls by ensuring the real keys are never inside the sandbox during inference routing, and by blocking all unauthorized outbound connections through its default-deny proxy before any stolen credential could be transmitted.
