Tool layer vs. sandbox layer: why helmdeck + NVIDIA OpenShell is non-duplicative
Two layers, two failure modes
When an enterprise asks "is your agent platform secure?", the question is almost always a bundle of two distinct concerns:
- Tool layer: Can the agent only call the tools we approved? Are the tool inputs/outputs validated? Are credentials kept out of the LLM's context? Are calls audited?
- Sandbox layer: When a tool runs code, browses the web, or shells out — is that execution isolated from the host? Can it reach internal networks? Can it write outside its workdir?
These look adjacent but they fail differently. A tool layer fails when an agent calls something it shouldn't have access to — fixable by tightening the tool registry. A sandbox layer fails when an approved tool gets compromised mid-execution — fixable only by reducing what the execution environment can reach.
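To make the tool-layer checks concrete, here is an added example (not helmdeck or OpenShell code) of a minimal gate in front of an agent's tool calls: it rejects unregistered tools, validates arguments against a per-tool schema, injects the credential itself so the secret never enters the model's context, scrubs it from tool output, and audits every call. The tool, secret and ticket values are constructed for illustration.

```python
import json
from dataclasses import dataclass
from typing import Any, Callable, Optional

@dataclass
class ToolSpec:
    name: str
    schema: dict[str, type]          # model-visible argument -> required type
    handler: Callable[..., Any]
    secret_name: Optional[str] = None  # credential the gate injects, if any

class ToolGate:
    def __init__(self, secrets: dict[str, str]):
        self._registry: dict[str, ToolSpec] = {}
        self._secrets = secrets      # held by the gate, never placed in LLM context
        self.audit: list[dict] = []

    def register(self, spec: ToolSpec) -> None:
        self._registry[spec.name] = spec

    def call(self, name: str, args: dict[str, Any]) -> Any:
        spec = self._registry.get(name)
        if spec is None:                                # 1. approved tools only
            self._audit(name, args, "denied: unregistered tool")
            raise PermissionError(f"tool {name!r} is not approved")
        problems = (set(args) ^ set(spec.schema)) | {    # 2. schema: no extra/missing/mistyped
            k for k, t in spec.schema.items() if k in args and not isinstance(args[k], t)}
        if problems:
            self._audit(name, args, "denied: invalid arguments")
            raise ValueError(f"bad arguments for {name!r}: {sorted(problems)}")
        kwargs, secret = dict(args), self._secrets.get(spec.secret_name or "")
        if secret is not None:                          # 3. credential injected here, not by the model
            kwargs["credential"] = secret
        raw = json.dumps(spec.handler(**kwargs), default=str)
        if secret is not None and secret in raw:        # output check: never echo the secret back
            raw = raw.replace(secret, "[REDACTED]")
        self._audit(name, args, "ok")                   # 4. audited with model-visible args only
        return json.loads(raw)

    def _audit(self, name: str, args: dict, outcome: str) -> None:
        self.audit.append({"tool": name, "args": dict(args), "outcome": outcome})

def fetch_ticket(ticket_id: str, credential: str) -> dict:
    # Constructed tool that (wrongly) echoes the token it was given; the gate scrubs it.
    return {"id": ticket_id, "status": "open", "auth_used": credential}

def build_demo_gate() -> ToolGate:
    gate = ToolGate(secrets={"tickets_api": "tok-constructed-0000"})
    gate.register(ToolSpec("fetch_ticket", {"ticket_id": str}, fetch_ticket, "tickets_api"))
    return gate
```

Note what this gate cannot do: once `fetch_ticket` is running, nothing here limits what its process can reach on the host or network, which is exactly the sandbox-layer question.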
