Layer 3: Operational Boundaries

How do I prevent AI agents from executing destructive code?

AI agents with code execution capabilities (Python interpreters, shell access, Code Interpreter) can run arbitrary destructive commands — rm -rf, subprocess spawning, package installation, network scanning — and sandboxing alone is insufficient because the damage often happens through legitimate API calls, not system commands.

Destructive code patterns agents attempt:

  • System commands: os.system(), subprocess.call(), shutil.rmtree() — direct system manipulation
  • Dynamic code execution: eval(), exec(), __import__() — bypassing static analysis
  • File system manipulation: writes to /etc/, ~/.ssh/, /var/ — privilege escalation paths
  • Package installation: pip install of arbitrary packages that may contain malware
  • Network operations: port scanning, reverse shells, outbound data exfiltration

Exogram's Gate 5 (Compute Execution Guard) blocks every destructive code pattern at the execution boundary. It maintains a deterministic blocklist of dangerous functions, system calls, and file paths. Gate 6 (Filesystem Guard) blocks writes to system-critical paths. No pattern matching. No heuristics. Pure code-based enforcement that catches destructive operations before they execute.
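To make the idea of a deterministic pre-execution blocklist concrete, here is an added example (not Exogram's code) that statically walks the AST of a snippet an agent wants to run and refuses it if it calls any of the functions listed above or opens a protected path for writing; `check_agent_code`, `BLOCKED_CALLS` and `BLOCKED_PATH_PREFIXES` are names chosen for this illustration. It resolves `import ... as` aliases so that renaming a module does not slip past the check.

```python
import ast
from typing import Dict, List

# Deterministic blocklist built from the patterns listed above; constructed for this
# example, not Exogram's actual rule set.
BLOCKED_CALLS = {"os.system", "subprocess.call", "subprocess.run", "subprocess.Popen",
                 "shutil.rmtree", "eval", "exec", "__import__"}
BLOCKED_PATH_PREFIXES = ("/etc/", "~/.ssh/", "/var/")

def _aliases(tree: ast.AST) -> Dict[str, str]:
    """Map imported local names (including `as` aliases) to their real dotted names."""
    names: Dict[str, str] = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                names[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                names[a.asname or a.name] = f"{node.module}.{a.name}"
    return names

def _call_name(node: ast.Call, aliases: Dict[str, str]) -> str:
    """Resolve the callee to a dotted name, or '' when it is not a plain (attribute) name."""
    parts, func = [], node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if not isinstance(func, ast.Name):
        return ""
    parts.append(aliases.get(func.id, func.id))
    return ".".join(reversed(parts))

def check_agent_code(source: str) -> List[str]:
    """Return violations found in `source`; an empty list means the snippet may execute."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"line {exc.lineno}: syntax error, refusing to execute"]
    aliases, violations = _aliases(tree), []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node, aliases)
        if name in BLOCKED_CALLS:
            violations.append(f"line {node.lineno}: blocked call {name}()")
        elif name == "open" and node.args and isinstance(node.args[0], ast.Constant):
            path, mode = str(node.args[0].value), "r"  # open() defaults to read-only
            if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
                mode = str(node.args[1].value)
            if set(mode) & set("wax+") and path.startswith(BLOCKED_PATH_PREFIXES):
                violations.append(f"line {node.lineno}: write to protected path {path}")
    return violations
```

A static check like this is one layer only: a callee built at runtime (for example through getattr() or string concatenation) never appears in the AST as a plain name, which is why it belongs in front of, not instead of, enforcement at the execution boundary.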

Ready to secure your AI infrastructure?

Deploy deterministic execution governance on your AI agents — 500 free API calls, no credit card.

✓ 500 free API calls/mo
✓ 0.07ms enforcement latency
✓ Works with LangChain, CrewAI, MCP