Skip to content

The Kaizen Sandbox

Kaizen decides inside your tenant. Only the verdict leaves.

The deepest Kaizen deployment runs in an isolated microVM right next to your agent. It watches what the agent reports it is doing and what it actually does, judges the two against the agent's purpose using your own model, and sends out only the verdict. Your agents' behavioral data never leaves your environment.

Kaizen runs in an isolated microVM in your tenant and sends out only the verdict

What it catches that nothing else can

An agent can lie. It can report a harmless action while actually doing something else, and a guardrail that only reads the agent's own account is fooled. Kaizen sees both sides, so the gap between what an agent says and what it does becomes the alarm.

In a live run, a research-bot declared for fetching release notes from api.github.com was prompt-injected. It reported a fetch from api.github.com; it actually connected to attacker.example. Kaizen caught it:

The agent reported one destination and connected to another; the gap is the verdict

block (confidence 0.9): "The agent reported connecting to 'api.github.com' but actually connected to 'attacker.example', an undeclared destination."

That verdict is the only thing that reached the control plane, shown here in the console:

The Kaizen Sandbox verdict in the console

It ran end to end in a real Azure Container Apps microVM, which was then destroyed with the raw data inside it.

Why it matters
Data sovereignty by construction the control plane never sees the raw behavior; it only receives the verdict
Remembers each agent it learns how each agent normally behaves and flags drift from that, not just policy breaks
Catches the allowed-but-malicious the gap between what an agent reports and what it actually does is a signal no prompt guardrail can see
Your model, your tenant the judgment uses your own model key, configured in the console
Built for regulated environments pair it with confidential computing for an attested, sovereign enclave

Talk to us

The Kaizen Sandbox is the in-tenant deployment for teams that cannot let agent data leave their environment. To set it up for your agents, reach out at hello@getkaizen.io. See also observation depth and the sidecar.