Blast Radius Containment
Blast radius containment is the practice of designing agent systems so that any single failure, error, or security compromise affects the smallest possible scope. Typical strategies are filesystem scoping to restrict agents to specific directories, network isolation to limit which endpoints they can reach, transaction boundaries to make destructive operations reversible, and resource limits to cap tokens and compute per task. The concept comes from infrastructure engineering, where blast radius describes failure domains, and it applies directly to agentic systems because agents are non-deterministic by nature: you cannot prevent all failures, but you can constrain what any single failure can touch. The most dangerous agent failures are not the ones that crash visibly but the ones that silently corrupt data or make unintended changes that surface hours later. Containment is therefore about limiting the scope of the worst-case outcome, not just preventing the average one.
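The following is an added example, not code from the original page or from any particular agent framework, showing the four strategies listed above applied to a single agent tool sandbox. The `Sandbox` class, the hypothetical `api.example.com` allowlist entry and the 1000-token budget are assumptions made for the illustration; the files it creates are constructed in a temporary directory so it runs offline.

```python
"""Added example: a minimal containment wrapper for an agent's tool calls.
Not from the original page; names, hosts and budgets are illustrative."""
from __future__ import annotations
import os
import shutil
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Callable
from urllib.parse import urlparse


class ContainmentViolation(Exception):
    """Raised when a tool call would reach outside its allowed scope."""


@dataclass
class Sandbox:
    root: Path                      # filesystem scope: the only tree the agent may touch
    allowed_hosts: frozenset[str]   # network isolation: hosts the agent may contact
    token_budget: int               # resource limit: tokens this task may consume
    tokens_used: int = 0

    def resolve(self, user_path: str) -> Path:
        # Resolve symlinks and '..' before checking containment, so that neither
        # a '../' traversal nor a symlink planted inside the root can escape it.
        root = self.root.resolve()
        candidate = (root / user_path).resolve()
        if not candidate.is_relative_to(root):
            raise ContainmentViolation(f"path escapes sandbox root: {user_path}")
        return candidate

    def check_url(self, url: str) -> str:
        # Compare the parsed hostname, not a substring of the raw URL.
        host = urlparse(url).hostname
        if host is None or host.lower() not in self.allowed_hosts:
            raise ContainmentViolation(f"host not on allowlist: {host}")
        return url

    def spend(self, tokens: int) -> int:
        # Refuse the call rather than overrun; return the remaining budget.
        if self.tokens_used + tokens > self.token_budget:
            raise ContainmentViolation("token budget exhausted")
        self.tokens_used += tokens
        return self.token_budget - self.tokens_used

    def transaction(self, task: Callable[["Sandbox"], object]) -> object:
        # Transaction boundary: snapshot the root, run the task, and restore the
        # snapshot if the task fails part-way so partial writes never persist.
        snapshot_dir = Path(tempfile.mkdtemp())
        snapshot = snapshot_dir / "snap"
        shutil.copytree(self.root, snapshot, symlinks=True)
        try:
            return task(self)
        except Exception:
            shutil.rmtree(self.root)
            shutil.copytree(snapshot, self.root, symlinks=True)
            raise
        finally:
            shutil.rmtree(snapshot_dir)


def _raises(fn: Callable[[], object], exc: type = ContainmentViolation) -> bool:
    try:
        fn()
    except exc:
        return True
    return False


def demo() -> dict:
    """Exercise each containment boundary; returns the observed outcomes."""
    work = Path(tempfile.mkdtemp())
    root = work / "project"
    root.mkdir()
    (root / "notes.txt").write_text("v1")
    outside = work / "outside"               # constructed: data the agent must not reach
    outside.mkdir()
    (outside / "secret.txt").write_text("do not touch")
    sb = Sandbox(root=root, allowed_hosts=frozenset({"api.example.com"}), token_budget=1000)
    r: dict = {}
    r["in_scope"] = sb.resolve("notes.txt").read_text()
    r["dotdot_blocked"] = _raises(lambda: sb.resolve("../outside/secret.txt"))
    os.symlink(outside, root / "link")       # a symlink inside the root pointing outside
    r["symlink_blocked"] = _raises(lambda: sb.resolve("link/secret.txt"))
    r["host_allowed"] = sb.check_url("https://api.example.com/v1").startswith("https://")
    r["host_blocked"] = _raises(lambda: sb.check_url("https://api.example.com.evil.test/v1"))
    r["budget_left"] = sb.spend(600)
    r["budget_blocked"] = _raises(lambda: sb.spend(500))

    def failing_task(s: Sandbox) -> None:
        s.resolve("notes.txt").write_text("v2 partial")
        s.resolve("extra.txt").write_text("junk")
        raise RuntimeError("tool failed mid-way")

    r["tx_rolled_back"] = _raises(lambda: sb.transaction(failing_task), RuntimeError)
    r["notes_after"] = (root / "notes.txt").read_text()
    r["extra_exists"] = (root / "extra.txt").exists()
    shutil.rmtree(work)
    return r


if __name__ == "__main__":
    print(demo())
```

The snapshot-and-restore transaction is the simplest form of a reversible boundary and is only practical for small working trees; for larger state the same pattern is usually implemented with a version-control checkout, a database transaction, or copy-on-write storage, but the contract is identical: a failure part-way through a task leaves the world as it was before the task started.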