Building a Self-Hosted AI Platform from Scratch

· 5 min read

Most AI platforms assume you are comfortable sending your data to someone else's servers. For a growing number of organizations, that assumption is wrong. Regulated industries, defense contractors, research labs, and privacy-conscious companies need AI capabilities where no data leaves their network. That is the problem AI-in-a-Box was built to solve.

Current architecture: This post describes the product thesis and early architecture. The current service map, auth model, subagent model, and receipt system are documented in the Architecture reference, Authentication reference, and Audit Trail reference.

Claude Code-Style Agents: Sub-Agent Spawning and Skill Loading

· 5 min read

Claude Code has a pattern we wanted to replicate: when a task is complex enough, the main agent spawns a focused sub-agent with a custom system prompt and a curated set of tools. The sub-agent does its work and returns results to the parent. This keeps the main agent's context clean and lets specialized work happen in isolation.

We built this into AI-in-a-Box's agent runtime using the OpenAI Agents SDK.

Current runtime model: This post is historical. The current implementation uses a main agent with a Delegate tool and subagent definitions in deploy/config/subagents/*.md; the old YAML handoff team model has been removed. Use the Agents reference and Multi-Agent tutorial for current behavior.

Per-Session Docker Sandboxes: Isolated Code Execution for AI Agents

· 6 min read

When your AI agent can execute arbitrary code, the execution environment is a security boundary. Shared subprocess execution on the host is fine for single-user prototypes. For a multi-tenant platform where different organizations share the same infrastructure, it is not even close to acceptable.

Current reference: This post explains the design intent behind sandbox isolation. The current API and deployment knobs are documented in the Code Sandbox reference and Run Code tutorial.

We built a per-session Docker sandbox system that gives each user session its own isolated container.
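To make the "execution environment is a security boundary" point concrete, here is an added example of what a per-session container launch looks like when each hardening knob is applied. It is not AI-in-a-Box's sandbox code, and the names (`build_run_argv`, `run_in_sandbox`, `SandboxLimits`, the `sandbox-<session>` naming, the `python:3.12-slim` image, the `65534` UID) are this example's own assumptions. It drives the Docker CLI through `subprocess` rather than any SDK, so the only thing it depends on is a working `docker` binary.

```python
"""Per-session Docker sandbox launcher (added example, not AI-in-a-Box code).

Assumed: a Docker CLI on the host and a stock python:3.12-slim image. The
function names, container naming scheme and limits are this example's own.
"""
import re
import subprocess
from dataclasses import dataclass

# Docker container names must match [a-zA-Z0-9][a-zA-Z0-9_.-]+. Validating the
# session id before it reaches argv stops a crafted id from smuggling extra
# flags or breaking the name; the length cap keeps the name well under limits.
_SESSION_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{3,63}$")


@dataclass(frozen=True)
class SandboxLimits:
    memory: str = "256m"   # hard memory cap for the container
    cpus: str = "0.5"      # CPU quota
    pids: int = 64         # fork-bomb ceiling
    timeout_s: int = 10    # wall-clock budget for one execution


def container_name(session_id: str) -> str:
    if not _SESSION_RE.fullmatch(session_id):
        raise ValueError(f"unsafe session id: {session_id!r}")
    return f"sandbox-{session_id}"


def build_run_argv(session_id: str, image: str = "python:3.12-slim",
                   limits: SandboxLimits = SandboxLimits()) -> list[str]:
    """Build the `docker run` argv for one session's throwaway container.

    Each flag narrows what untrusted code can do: no network, no writable image
    layer (only a small noexec tmpfs), no Linux capabilities, no privilege gain
    through setuid binaries, bounded memory/CPU/process count, and a non-root
    UID. The program is fed on stdin so the host never interpolates it into a
    command line.
    """
    return [
        "docker", "run", "--rm", "-i",
        "--name", container_name(session_id),
        "--network", "none",
        "--read-only",
        "--tmpfs", "/tmp:rw,noexec,nosuid,size=64m",
        "--cap-drop", "ALL",
        "--security-opt", "no-new-privileges",
        "--pids-limit", str(limits.pids),
        "--memory", limits.memory,
        "--cpus", limits.cpus,
        "--user", "65534:65534",   # nobody:nogroup inside the container
        "--workdir", "/tmp",
        image,
        "python3", "-",            # read the program from stdin
    ]


def run_in_sandbox(session_id: str, code: str,
                   limits: SandboxLimits = SandboxLimits()) -> tuple[int, str, str]:
    """Run `code` inside the session's container; kill the container on timeout."""
    argv = build_run_argv(session_id, limits=limits)
    try:
        proc = subprocess.run(argv, input=code, capture_output=True, text=True,
                              timeout=limits.timeout_s)
    except subprocess.TimeoutExpired:
        # --rm only fires when the container exits on its own, so on timeout
        # we must remove it ourselves or it keeps running on the host.
        subprocess.run(["docker", "rm", "-f", container_name(session_id)],
                       capture_output=True)
        return 124, "", "sandbox timed out"
    return proc.returncode, proc.stdout, proc.stderr


if __name__ == "__main__":
    # Constructed demo program: with --network none the connection fails
    # immediately, which is the expected outcome for untrusted code.
    probe = (
        "import urllib.request\n"
        "try:\n"
        "    urllib.request.urlopen('http://example.com', timeout=3)\n"
        "    print('network reachable')\n"
        "except Exception as e:\n"
        "    print('network blocked:', type(e).__name__)\n"
    )
    rc, out, err = run_in_sandbox("sess-demo-001", probe)
    print(rc, out.strip(), err.strip())
```

The argv builder is kept separate from the runner so the policy can be reviewed and unit-tested without Docker present; in a real deployment the same list is where you would add a seccomp or AppArmor profile via `--security-opt`, and the image pin is where you would use a digest instead of a tag.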

Security Hardening Notes from the Early Audit

· 7 min read

Historical post: This post records an early hardening sprint. Some implementation details have changed since it was written. Use the current Security guide, Authentication reference, and Audit Trail reference as the source of truth.

Before shipping AI-in-a-Box to production, we ran a comprehensive security audit across all services. We found 27 vulnerabilities: 5 critical, 8 important, and 14 medium. This post captures the findings and the intended remediation work from that point in time.