Contain AI coding agents, harden what they ship. A sandbox for autonomous agents paired with continuous application security scanning.
Part of Visdom · VirtusLab's AI-Native SDLC
Why this matters, measured. Every number below links to the source.
Contain the agent while it writes the code. Scan what it produces before anyone deploys it.
A Docker & dev container setup from VirtusLab for running AI agents in --dangerous mode safely. Every network call is routed through a transparent mitmproxy with allow/deny rules and secret injection at the proxy level.
Open source · VirtusLab
Static analysis, dependency scanning, secrets detection, IaC and container checks, DAST, and runtime protection — unified and noise-reduced so findings match what the agent actually changed.
Partner capability · Aikido
Sandcat runs AI coding agents inside a Docker sandbox and routes all container traffic — HTTP, HTTPS, DNS, arbitrary TCP/UDP — through a transparent mitmproxy over WireGuard. No per-tool proxy configuration. No tool can bypass the network boundary.
An allow/deny engine decides which destinations the agent can reach. Real secrets never enter the container.
Environment variables hold placeholders like SANDCAT_PLACEHOLDER_GITHUB_TOKEN; mitmproxy substitutes the real value only for outbound requests to allowlisted hosts — anything else is blocked with HTTP 403.
WireGuard lives in a dedicated network container with NET_ADMIN. App containers share its network namespace and inherit the firewall rules, but cannot modify them. A compromised agent can neither read the secrets nor escape the tunnel.
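The allow/deny decision and placeholder substitution described above, sketched as a pure function. This is an added example, not Sandcat's code: the rule format, first-match-wins ordering, default deny, per-secret host binding and all sample values are assumptions; only the SANDCAT_PLACEHOLDER_ prefix and the 403 response come from the page.

```python
# Added illustration, not Sandcat's implementation. Rule shapes are assumptions.
from fnmatch import fnmatch

PREFIX = "SANDCAT_PLACEHOLDER_"  # placeholder prefix quoted on the page

# Constructed sample policy: first matching rule wins, default is deny.
RULES = [
    ("deny", "uploads.github.com"),
    ("allow", "*.github.com"),
    ("allow", "repo.maven.apache.org"),
]
# Constructed sample secret, bound to the hosts allowed to receive it.
SECRETS = {"GITHUB_TOKEN": ("ghp_constructed_value", {"api.github.com"})}


def host_allowed(host):
    """Evaluate the allow/deny rules top to bottom; no match means deny."""
    for action, pattern in RULES:
        if fnmatch(host, pattern):
            return action == "allow"
    return False


def process(host, headers):
    """Return (status, headers). status is 403 when the proxy blocks the
    request itself, or None when the request is forwarded upstream."""
    host = host.lower()
    if not host_allowed(host):
        return 403, {}
    out = {}
    for name, value in headers.items():
        for key, (real, hosts) in SECRETS.items():
            placeholder = PREFIX + key
            if placeholder in value:
                # A secret only leaves the proxy toward a host bound to it.
                if host not in hosts:
                    return 403, {}
                value = value.replace(placeholder, real)
        if PREFIX in value:
            return 403, {}  # unknown placeholder: fail closed
        out[name] = value
    return None, out
```

The container only ever sees the placeholder string, so a request that leaks it to any other destination carries nothing usable.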
Works as a dev container or standalone. Production-validated on Java and Scala projects with Claude Code — the first fully sandboxed, autonomously-authored PRs are already merged into VirtusLab OSS.
Visdom Security complements Sandcat with a code-to-runtime security capability. The partner platform we integrate with — Aikido — brings every core AppSec scanner under one roof, deduplicates findings, and correlates them with reachability so teams act on what actually matters.
Scans source for SQLi, XSS, buffer overflows and custom rules — before code merges.
Flags vulnerable and malicious packages, including transitive dependencies and license risks.
Authenticated scans against running apps and APIs to surface runtime vulnerabilities.
Detects API keys, tokens, certificates and encryption keys exposed in the repository.
Misconfigurations across Terraform, Kubernetes, container images and major cloud providers.
Reachability analysis and context correlation across scanners cut alert volume dramatically.
Aikido is a third-party partner. Logo and product names are trademarks of their respective owners. Visdom Security focuses on the capability; the vendor is pluggable.
Good tools exist on both sides. Visdom Security is the glue — runtime containment with a mitmproxy-enforced network boundary, plus scanning that pays attention to what the agent actually changed.
Vendor is pluggable. The capability — code-to-runtime scanning with noise reduction — is the requirement.
Visdom Security is one of four components in Visdom, VirtusLab's AI-Native SDLC.
Read the thinking behind it: The AI-Native SDLC series
Let agents move quickly inside Sandcat. Let Aikido-grade scanning decide what reaches production.