Strait: Policy Governance and Sandbox Security Platform for AI Agents

A policy execution platform for AI agents that implements network, file system, and process access control based on the Cedar policy language, supporting container sandboxes and observe-execute workflows.

Tags: AI Security, Agent, Cedar Policy, Access Control, Container Sandbox, Zero Trust, Policy as Code, Security Orchestration, AI Governance
Published 2026-04-03 23:45 | Recent activity 2026-04-03 23:51 | Estimated read 6 min

Section 01

Strait: Introduction to Policy Governance and Sandbox Security Platform for AI Agents

Strait is a policy execution and sandbox security platform for AI agents. To address the security challenges that come with expanding agent capabilities, such as unauthorized access and dangerous operations, it implements fine-grained access control for networks, file systems, and processes through the Cedar policy language. Combined with container sandbox isolation and an observe-execute workflow, it provides a systematic solution for agent security.


Section 02

Background of Security Challenges for AI Agents

Current AI agent tool calls lack fine-grained access control, which may lead to unauthorized access to sensitive resources (e.g., reading configuration files that contain keys, or sending sensitive data to untrusted servers). Traditional OS-level permission control cannot handle these new threats, so a policy-driven security mechanism designed specifically for agents is required.


Section 03

Core Policies and Access Control Methods of Strait

It adopts the AWS open-source Cedar policy language (expressive enough for ABAC and RBAC, amenable to formal verification, and fast to evaluate) to implement three layers of access control:

  • Network: Restrict domains, ports, and protocols; prohibit access to intranets or untrusted endpoints
  • File system: Precisely control read/write/execute permissions and set sandbox directories
  • Process: Prevent execution of dangerous commands or unauthorized programs

Section 04

Container Sandbox and Observe-Execute Workflow

Each agent runs in an independent container sandbox, providing an additional isolation layer beyond policies. The observe-execute workflow has three stages:

  1. Observe: Record and analyze operations without immediate execution
  2. Decide: Evaluate compliance with policies (allow/deny/need confirmation)
  3. Execute: Only operations that pass checks are actually executed; abnormal behaviors can be captured to avoid risks.
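The three access-control layers from Section 03 and the observe-decide-execute workflow above, worked through in one added example. This is Python written for this summary, not Strait's or Cedar's own code: the policy set, agent names, hosts and paths are constructed, and the evaluator is a hand-rolled stand-in for Cedar's default-deny, forbid-overrides-permit semantics, with an extra "confirm" effect representing the need-confirmation outcome the workflow describes.

```python
"""Observe / decide / execute gating over the network, file and process layers.

Added illustration for this summary, not Strait's or Cedar's own code. Policies
are plain Python predicates; Cedar's default-deny and forbid-wins semantics are
reproduced by hand, and "confirm" is an extra effect standing in for the
"need confirmation" outcome. Agents, hosts and paths are constructed samples.
"""
from dataclasses import dataclass
from fnmatch import fnmatch
from ipaddress import ip_address
from typing import Callable, Literal

Decision = Literal["allow", "deny", "confirm"]

@dataclass(frozen=True)
class Request:
    principal: str   # e.g. "Agent::code-assistant"
    action: str      # "net:connect", "fs:read", "fs:write" or "proc:exec"
    resource: dict   # host/port, path, or argv, depending on the action

@dataclass(frozen=True)
class Policy:
    name: str
    effect: Literal["permit", "forbid", "confirm"]
    matches: Callable[[Request], bool]

def _is_intranet_host(host: str) -> bool:
    """Private/loopback IP literals and internal names count as intranet."""
    try:
        return ip_address(host).is_private
    except ValueError:
        return host == "localhost" or host.endswith(".internal")

# Constructed policy set: a forbid plus a permit for each layer named on the page.
# Unlisted (action, resource) combinations fall through to the default deny.
POLICIES = [
    Policy("deny-intranet", "forbid", lambda r: r.action == "net:connect"
           and _is_intranet_host(r.resource["host"])),
    Policy("allow-api-https", "permit", lambda r: r.action == "net:connect"
           and r.resource["host"] in {"api.example.com", "pypi.org"}
           and r.resource["port"] == 443),
    Policy("deny-secret-files", "forbid", lambda r: r.action.startswith("fs:")
           and any(fnmatch(r.resource["path"], g) for g in ("*/.env", "*/.ssh/*"))),
    Policy("allow-workspace", "permit", lambda r: r.action in ("fs:read", "fs:write")
           and r.principal == "Agent::code-assistant"
           and fnmatch(r.resource["path"], "/workspace/*")),
    Policy("allow-dev-tools", "permit", lambda r: r.action == "proc:exec"
           and r.resource["argv"][0] in {"git", "pytest", "npm"}),
    Policy("confirm-git-push", "confirm", lambda r: r.action == "proc:exec"
           and r.resource["argv"][:2] == ["git", "push"]),
]

def decide(policies, req: Request) -> Decision:
    """Default deny; any matching forbid wins; confirm outranks permit."""
    effects = {p.effect for p in policies if p.matches(req)}
    if "forbid" in effects:
        return "deny"
    if "confirm" in effects:
        return "confirm"
    return "allow" if "permit" in effects else "deny"

def run_pipeline(policies, requests, executor=None):
    """Observe every request, decide on it, and execute only those allowed.

    Returns the audit log: one dict per observed request, recording the
    decision and whether the operation actually ran. `executor` performs the
    real side effect; the default here is a harmless placeholder.
    """
    executor = executor or (lambda r: f"ran {r.action}")
    audit = []
    for req in requests:
        entry = {"principal": req.principal, "action": req.action,
                 "resource": req.resource, "decision": None, "executed": False}
        audit.append(entry)                        # observe: log before acting
        entry["decision"] = decide(policies, req)  # decide
        if entry["decision"] == "allow":           # execute only on allow
            entry["result"] = executor(req)
            entry["executed"] = True
    return audit

CA = "Agent::code-assistant"
SAMPLE_REQUESTS = [  # constructed operations an agent might attempt
    Request(CA, "fs:read", {"path": "/workspace/src/main.py"}),
    Request(CA, "fs:read", {"path": "/workspace/.env"}),
    Request(CA, "net:connect", {"host": "api.example.com", "port": 443}),
    Request(CA, "net:connect", {"host": "10.0.0.5", "port": 80}),
    Request(CA, "proc:exec", {"argv": ["rm", "-rf", "/workspace"]}),
    Request(CA, "proc:exec", {"argv": ["git", "push", "origin", "main"]}),
    Request(CA, "proc:exec", {"argv": ["pytest", "-q"]}),
    Request("Agent::data-analyst", "fs:read", {"path": "/workspace/data.csv"}),
]
```

Calling `run_pipeline(POLICIES, SAMPLE_REQUESTS)` returns one audit entry per request. In the sample set only the workspace source read, the HTTPS call to an allow-listed host and the `pytest` run execute; the `.env` read is denied even though a permit also matches it (forbid wins), the intranet connection and the unlisted `rm` are denied, `git push` comes back as `confirm` so it can be held for approval, and the data-analyst agent is denied the workspace read because the permit is scoped to a different principal. The audit log is what the page's audit layer would persist.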

Section 05

Typical Application Scenarios of Strait

  • Enterprise deployment: Customer service agents only access knowledge bases, code assistants only operate project directories, data analysis agents limit database operations
  • Multi-tenant platform: Tenant agents have independent sandboxes, data isolation, and global security policies
  • Automated workflow: Permission restrictions for build/deploy agents, audit log tracing

Section 06

Technical Architecture Analysis of Strait

It consists of four collaborative layers:

  • Policy engine layer: Real-time operation permission evaluation based on Cedar
  • Interception layer: Capture operations through system call interception, network proxy, and file hooks
  • Sandbox layer: Isolation via containers (Docker/containerd) or virtualization (gVisor)
  • Audit layer: Record policy decisions and operation logs to support compliance audits

Section 07

Comparison with Traditional Solutions and Current Limitations

Compared with traditional solutions, Strait is designed specifically for agents, treats policy as code (version-controlled and testable), and follows a zero-trust architecture. Its current limitations: writing Cedar policies carries a learning cost, policy evaluation and sandboxing add performance overhead, and the ecosystem is still immature.


Section 08

Industry Significance and Summary of Strait

Strait represents an important direction for AI security infrastructure and promotes the application of the 'shift-left security' concept in the AI field. It provides a foundation for balancing agent capabilities and security, which is a key step in AI security governance and has evaluation value for organizations deploying agents in production environments.