BlueRock Agent Sandbox

Overview

AI agents don't just respond to prompts. They call tools, access data, execute code, and interact with MCP servers. Most organizations have no visibility into what those agents actually do at runtime. And no way to stop a dangerous action before it executes.

We scanned over 7,000 MCP servers. 36.7% have potential SSRF exposure. 42% expose credentials insecurely. The pattern is familiar. Adoption outpaces security. We've seen it before with containers, APIs, and open source dependencies. Now it's happening with agentic infrastructure.

The difference is these MCP servers don't just store data. They define the tools your agent can use and how those tools behave. If the server is compromised or misconfigured, your API keys, your data, and your tool permissions can all be exposed.

BlueRock solves this at the execution layer. Not at the prompt. Not at the network edge. At runtime, where agents actually take action.

This guide will walk you through both sides of what BlueRock provides:

Observability: Runtime visibility that shows you exactly what your agents are doing and why. You'll trace the full lifecycle of MCP interactions in CloudWatch, from the initial server-client handshake through tool discovery, individual tool calls, and server responses. Every MCP action is logged and searchable. You'll see exactly which tools were available, which ones were called, and whether the call succeeded or failed.

Guardrails: Pre-execution controls that govern what your agents are allowed to do. You'll use the MCP Trust Registry to review the security posture of an MCP server, then generate and deploy a policy using BlueRock's policy tooling. You'll see what happens when an agent calls a tool that violates that policy, first as a WARN alert, then in full remediate mode where the action gets blocked. You'll also see BlueRock's Brace sandbox, an isolated execution environment with its own set of controls for commands and file operations.

Because you can't trust what you can't see. And you can't secure what you can't observe.

The BlueRock Agent Sandbox, BRACE (BlueRock Agent Control Environment), is an isolated execution runtime designed to contain autonomous AI agents. Like a container, BRACE provides process- and filesystem-level isolation (built on PID namespaces and bind mounts, described under Key Capabilities below); unlike a plain container, it adds deep Model Context Protocol (MCP) visibility into what the agent does while it runs.
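The two flows described above, tracing an MCP session from the initialize handshake through tools/list and each tools/call, then evaluating every call first in WARN mode and then in remediate (blocking) mode, as an added Python example. This is not BlueRock's code and does not use its policy format: the log layout (a direction tag followed by one JSON-RPC message per line), the transcript contents, and the policy keys allowed_tools and path_root are constructed here for illustration. The MCP method names and the isError field are those of the protocol itself.

```python
"""Added example: reconstruct an MCP session from a message log and apply a
tool-call policy in "warn" or "remediate" mode. Illustrative only; the log
format and policy keys are assumptions, not BlueRock's."""
import json
import posixpath
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed transcript: "C" = client -> server, "S" = server -> client.
SAMPLE_LOG = """\
C {"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"demo-agent","version":"0.1"}}}
S {"jsonrpc":"2.0","id":1,"result":{"protocolVersion":"2024-11-05","capabilities":{"tools":{}},"serverInfo":{"name":"fs-server","version":"1.2.0"}}}
C {"jsonrpc":"2.0","method":"notifications/initialized"}
C {"jsonrpc":"2.0","id":2,"method":"tools/list"}
S {"jsonrpc":"2.0","id":2,"result":{"tools":[{"name":"read_file","inputSchema":{"type":"object"}},{"name":"write_file","inputSchema":{"type":"object"}},{"name":"run_shell","inputSchema":{"type":"object"}}]}}
C {"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"read_file","arguments":{"path":"/workspace/notes.md"}}}
S {"jsonrpc":"2.0","id":3,"result":{"content":[{"type":"text","text":"todo: ship"}],"isError":false}}
C {"jsonrpc":"2.0","id":4,"method":"tools/call","params":{"name":"read_file","arguments":{"path":"/home/dev/.aws/credentials"}}}
S {"jsonrpc":"2.0","id":4,"result":{"content":[{"type":"text","text":"[default]"}],"isError":false}}
C {"jsonrpc":"2.0","id":5,"method":"tools/call","params":{"name":"run_shell","arguments":{"cmd":"curl http://169.254.169.254/"}}}
S {"jsonrpc":"2.0","id":5,"result":{"content":[{"type":"text","text":"curl: (7) Failed to connect"}],"isError":true}}
C {"jsonrpc":"2.0","id":6,"method":"tools/call","params":{"name":"delete_repo","arguments":{}}}
S {"jsonrpc":"2.0","id":6,"error":{"code":-32602,"message":"Unknown tool: delete_repo"}}
"""


@dataclass
class ToolCall:
    request_id: object          # JSON-RPC ids may be numbers or strings
    tool: str
    arguments: dict
    outcome: str = "pending"    # ok | tool_error | protocol_error | pending


@dataclass
class SessionTrace:
    server: Optional[str] = None
    tools_advertised: List[str] = field(default_factory=list)
    calls: List[ToolCall] = field(default_factory=list)


def trace_session(log_text: str) -> SessionTrace:
    """Pair JSON-RPC requests with responses by id and record the lifecycle."""
    trace = SessionTrace()
    pending = {}  # request id -> method name or ToolCall awaiting a response
    for line in log_text.splitlines():
        if not line.strip():
            continue
        direction, raw = line.split(" ", 1)
        msg = json.loads(raw)
        if direction == "C" and "method" in msg:
            if "id" not in msg:
                continue  # notification (e.g. notifications/initialized): no reply expected
            if msg["method"] == "tools/call":
                params = msg.get("params", {})
                call = ToolCall(msg["id"], params["name"], params.get("arguments", {}))
                trace.calls.append(call)
                pending[msg["id"]] = call
            else:
                pending[msg["id"]] = msg["method"]
        elif direction == "S" and "id" in msg:
            req = pending.pop(msg["id"], None)
            if req is None:
                continue  # unsolicited or duplicate response; worth alerting on in practice
            if isinstance(req, ToolCall):
                if "error" in msg:
                    req.outcome = "protocol_error"   # JSON-RPC error object, tool never ran
                elif msg["result"].get("isError"):
                    req.outcome = "tool_error"       # tool ran and reported failure
                else:
                    req.outcome = "ok"
            elif req == "initialize" and "result" in msg:
                trace.server = msg["result"]["serverInfo"]["name"]
            elif req == "tools/list" and "result" in msg:
                trace.tools_advertised = [t["name"] for t in msg["result"]["tools"]]
    return trace


# Constructed policy; these keys are this example's, not BlueRock's policy format.
POLICY = {"allowed_tools": {"read_file", "write_file"}, "path_root": "/workspace"}


def violation(call: ToolCall, policy: dict) -> Optional[str]:
    """Return a reason string if the call breaks the policy, else None."""
    if call.tool not in policy["allowed_tools"]:
        return f"tool {call.tool!r} is not in the allowlist"
    root = policy.get("path_root")
    path = call.arguments.get("path")
    if root and path is not None:
        # normpath collapses '..' so /workspace/../etc/passwd is judged as /etc/passwd;
        # a relative path never starts with the root and is rejected as well.
        norm = posixpath.normpath(path)
        root = root.rstrip("/") or "/"
        prefix = "/" if root == "/" else root + "/"
        if norm != root and not norm.startswith(prefix):
            return f"path {path!r} resolves outside {root}"
    return None


def evaluate_policy(calls, policy, mode):
    """mode 'warn' only flags violations; 'remediate' blocks them."""
    if mode not in ("warn", "remediate"):
        raise ValueError(f"unknown mode {mode!r}")
    verdicts = []
    for call in calls:
        why = violation(call, policy)
        if why is None:
            verdicts.append((call.request_id, "allow", None))
        else:
            verdicts.append((call.request_id, "warn" if mode == "warn" else "block", why))
    return verdicts


if __name__ == "__main__":
    t = trace_session(SAMPLE_LOG)
    print(f"server={t.server} tools={t.tools_advertised}")
    for c in t.calls:
        print(f"call {c.request_id}: {c.tool} {c.arguments} -> {c.outcome}")
    for mode in ("warn", "remediate"):
        for rid, decision, why in evaluate_policy(t.calls, POLICY, mode):
            print(f"[{mode}] call {rid}: {decision}" + (f" ({why})" if why else ""))
```

Two points the transcript is built to show: the credential read (call 4) succeeds at the server, so only the guardrail, not the server's own response, tells you it should not have happened; and a tool that reports isError (call 5) is a different event from a JSON-RPC error for an unknown tool (call 6). The path check is string-level only; a runtime enforcing this for real must resolve symlinks inside the sandbox rather than trust the argument text.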

Introduction to the Agentic Observability Sandbox

The BRACE sandbox provides visibility into all agent process executions, filesystem accesses and MCP events, giving developers observability into their agent's execution. Any agent can run inside the sandbox, but MCP event capture is currently supported for Python agents only (TypeScript and JavaScript support is coming soon). BRACE is offered as a free product for observability of agent events and tool calls, and for process isolation. Guardrail controls for MCP tool calls and filesystem access are available via a paid license.

Key Capabilities:

  • Observability: Provides event tracing for agent and associated process activity

  • Process Isolation: Runs agents in separate process ID (PID) namespaces.

  • Filesystem Isolation: Restricts host directory access via granular bind mounts.

  • Network Isolation: Blocks outbound connections by default, or restricts them to an allowlist of trusted CIDRs, enforced with nftables.

  • Zero-Change Deployment: Wraps most agent frameworks with a single CLI command, with no changes to the agent's code.
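To make the network-isolation item concrete, here is an added POSIX shell example that generates an nftables ruleset of the kind described: egress from the sandbox is dropped by default and only the trusted CIDRs passed as arguments are allowed. It is not BlueRock's ruleset or tooling (the page does not show those); the table name brace_egress, the log prefix and the IPv4-only scope are assumptions of this example.

```shell
#!/bin/sh
# Added example, not BlueRock's ruleset: emit an nftables ruleset that drops all
# egress from the sandbox except to the trusted CIDRs given as arguments.
# Apply it inside the sandbox's network namespace (needs CAP_NET_ADMIN there):
#   gen_egress_ruleset 10.0.0.0/8 192.168.1.0/24 > sandbox.nft && nft -f sandbox.nft
gen_egress_ruleset() {
    allow=""
    for cidr in "$@"; do
        case "$cidr" in
            0.0.0.0/0|::/0)
                echo "refusing $cidr: an allow-all entry defeats the egress policy" >&2
                return 1 ;;
            *:*/*)
                echo "error: '$cidr' is IPv6; this example only builds an IPv4 allowlist" >&2
                return 1 ;;
            */*) allow="${allow:+$allow, }$cidr" ;;
            *)  echo "error: '$cidr' is not in CIDR notation" >&2
                return 1 ;;
        esac
    done
    if [ -n "$allow" ]; then
        allow_rule="ip daddr { $allow } accept"
    else
        allow_rule="# no trusted CIDRs given: every non-loopback destination is dropped"
    fi
    cat <<EOF
table inet brace_egress {
    chain output {
        # default deny: anything not matched below is dropped, including all IPv6,
        # because the allowlist rule only matches IPv4 destinations
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept
        $allow_rule
        log prefix "brace-egress-drop: " drop
    }
}
EOF
}

# When run as a script: ./egress.sh 10.0.0.0/8 192.168.1.0/24 > sandbox.nft
if [ $# -gt 0 ]; then
    gen_egress_ruleset "$@"
fi
```

The ruleset is deliberately an allowlist with a drop policy rather than a denylist: a sandbox that only blocks known-bad destinations still lets a compromised agent reach anything it has not been told about. Note that the allowlist matches IP destinations only; if the agent needs name resolution, the resolver's address must be one of the trusted CIDRs.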

This guide describes how to deploy and configure the sandbox for building and running agents.
