Secure sandboxes
for AI agents.

You can YOLO it. Use --dangerously-skip-permissions.

# Install the CLI
$ curl https://islo.dev/install.sh | bash
# Log in once
$ islo login
# Run Claude Code in a sandbox
$ islo run claude
✓ Syncing ./src → remote sandbox
✓ Claude Code connected
✓ Policies loaded (strict mode)
❯ fix the auth bug in login.ts

Start for free Docs

Interactive Demo

Try to break out

Click any attack to watch it get blocked in real-time.

claude

⚡ islo|sandbox

●Starting sandbox...

0 blocked|strict mode

↑↓ to navigate · enter to select

Policy Engine

Customize your policies

Define what your agents can do. Enforce it at every level.

Filesystem

System-level enforcement at the kernel - not a whitelist of commands.

Kernel-level blocking

policy.islo

allow /workspace/**     rwx-
deny  /etc/**           ----
deny  /.env             ----

Under the Hood

Built on proven infrastructure

Real isolation enforced at the kernel level, with extra policies for safety.

Kata Containers on bare metal

Hardware-virtualized containers running on bare metal cloud infrastructure. Dedicated kernels, true isolation - not just namespaces.

eBPF syscall filtering

Policies enforced at the kernel level via eBPF. Not a wrapper, not a shim - actual syscall interception before execution.

L3 network policies

Egress control at the network layer. Allowlist domains or IPs - everything else is dropped at the socket.

Secrets never mounted

Secrets are injected at runtime via secure channels. They never exist on the filesystem - agents can't read what isn't there.

Persistent filesystems

Full ext4 filesystem per sandbox. Your data persists between runs - no weird FUSE edge cases or NFS quirks.

Dynamic resources

Sandboxes scale up to 8 CPUs and 16GB RAM on demand. Pay only for what you use - billing from cgroup metrics.

Real-time Alerts

Know when something's wrong

Detect unusual patterns and suggest policies before they become problems.

✓Instant alerts when policies block an action

✓Pattern detection for unusual agent behavior

✓One-click to add suggested policies

✓Full context: action, rule, sandbox, agent

Blocked2

Filesystem access blocked

2 min ago

read /etc/passwd

deny /etc/** (Filesystem Policy)

Network request blocked

5 min ago

curl https://prod-db.internal:5432

deny *:5432 (Network Policy)

Behavioral Anomaly1

High file access rate

8 min ago

47 files in /src/auth/ in 3 seconds

Anomaly: exceeds normal access patterns

Suggestion1

Consider secrets policy

12 min ago

Agent reading .env files frequently

No policy - consider denying .env access

Billing

Pay only for what you use

We only bill for actual CPU cycles, resident memory, and consumed storage.

Free tierGet started at no cost

CPU Time

Measured from Linux cgroup CPU usage counters (cpu.stat usage_usec). Billed with a minimum of 6.25% CPU utilization per second of runtime.

Cumulative CPU usage

$0.07/CPU-hour

Memory Time

Measured by sampling Linux cgroup memory usage (memory.current). Billed with a minimum of 0.25 GB per second of runtime.

Actual memory usage

$0.04/GB-hour

Storage Time

Measured hourly by summing actual size of objects in your environment's storage bucket.

Storage usage in GB-hours

$0.0007/GB-hour

Example: 4-hour Claude Code session

CPU (2.4 CPU-hrs)

$0.17

Memory (6 GB-hrs)

$0.24

Storage (40 GB-hrs)

$0.03

Total

~$0.44

Get started in under a minute

Install the CLI, create a sandbox, run your agent.

$curl https://islo.dev/install.sh | bash

Try Islo Read the Docs

SOC 2 Type II

Audit logs

SIEM export

Secure sandboxesfor AI agents.