GitHub Copilot Gets Cloud and Local Sandboxes
June 3, 2026
GitHub has put Copilot sandboxes into public preview. The UI change is small, but the security impact for agentic development is large.
GitHub Copilot can now run in isolated local and cloud sandboxes. Locally, shell execution is restricted; in the cloud, Copilot starts an ephemeral Linux environment. This targets the core risk of agentic coding tools: they read code, execute commands, and modify files.
Why it matters: Once an agent executes tools, the chat transcript is not a security boundary. Isolation becomes core infrastructure.
What teams should do now: Enable sandboxing by default, restrict network access, remove secrets from local environments, and manage policy centrally.
π‘ In plain English
The agent gets a fenced work area instead of direct access to the whole machine.
Key Takeaways
- βLocal sandboxes protect filesystem and network access.
- βCloud sandboxes decouple agent work from developer machines.
- βIsolation is mandatory for parallel agents.
FAQ
Is this an immediate production risk?
Yes, especially when agents execute shell commands or touch unfamiliar repositories.