Sandbox, sandbox, sandbox. I've run my browser firejailed for years, even though I don't use any agentic stuff - just in case. I use Firefox these days, compiled from source and without AI stuff, but still think it's a good idea to sandbox it. But anyway, sandboxing AI seems to be a good idea - as clearly demonstrated by the dev community with its npm hacks and IDE agents that has the potential to wreck your system.