Go hard on agents, not on your filesystem
New tool prevents AI agents from wiping files after viral reports of lost photos and projects.
The Stanford Secure Computer Systems research group has released jai, a free Linux sandboxing tool designed specifically for AI agent safety. This comes in response to viral reports of AI tools like Claude Code, Cursor, and Antigravity wiping home directories, deleting 100GB of data, and erasing family photos when given ordinary machine access. jai addresses the security gap between giving an agent full account access and the complexity of setting up containers or VMs for every task.
jai works by creating a lightweight boundary with three isolation modes: Casual (home directory copy-on-write overlay), Strict (empty private home with separate user), and Bare (your UID but home hidden). Unlike Docker or bubblewrap, it requires no images, Dockerfiles, or complex wrapper scripts—just prefix commands with 'jai'. The tool gives working directories full read/write access while keeping the rest of the home directory protected, with /tmp and /var/tmp made private and other files read-only.
The security model is explicitly casual—it reduces blast radius rather than providing perfect safety. For multi-tenant isolation or defense against determined adversaries, the researchers still recommend proper containers or VMs. However, for everyday AI workflows like quick coding help, running installer scripts, or one-off local tasks, jai provides practical protection that's easier than 'YOLO mode' where users simply trust AI agents with their entire system.
- One-command containment: Prefix any command with 'jai' for instant sandboxing without Docker images or complex setup
- Copy-on-write protection: Home directory changes captured in overlay while originals remain untouched and safe
- Three isolation modes: Casual (overlay), Strict (separate UID), and Bare (hidden home) for different workflow needs
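The claim that originals under the home directory stay untouched can be checked from outside the sandbox. The following is an added example, not code from the jai project or the article: the `canary_survives` helper and its canary file are hypothetical, and the only thing assumed about jai is what the article states, namely that a command is sandboxed by prefixing it with `jai`.

```shell
#!/bin/sh
# Added example: the wrapper command is supplied by the caller (assumption).

# canary_survives DIR WRAPPER [ARGS...]
# Plants a canary file in DIR, runs a destructive payload through WRAPPER,
# and returns 0 only if the original file is still present and unchanged.
canary_survives() {
    dir=$1; shift
    expected="constructed canary $$"
    canary=$(mktemp "$dir/.canary.XXXXXX") || return 2
    printf '%s\n' "$expected" > "$canary"

    # Payload mimics an agent mistake: overwrite the file, then delete it.
    # The path is passed as $1 so the check does not depend on the wrapper
    # forwarding environment variables.
    "$@" sh -c 'echo clobbered > "$1"; rm -f "$1"' sh "$canary" \
        >/dev/null 2>&1 || true

    # Judge from outside the wrapper: what does the real file look like now?
    if [ -f "$canary" ] && [ "$(cat "$canary")" = "$expected" ]; then
        rm -f "$canary"
        return 0
    fi
    rm -f "$canary"
    return 1
}

# Typical use, run from a project directory that is not $HOME itself:
#   canary_survives "$HOME" jai && echo "home protected"
#   canary_survives "$PWD"  jai || echo "working directory is writable, as the article describes"
```

A failing result for `$HOME` means the wrapper did not contain the write; a failing result for the working directory is expected, since that directory is given full read/write access.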
Why It Matters
Enables safe AI adoption by preventing catastrophic data loss from agent errors, making containment easier than taking risks.