HeadlinesBriefing.com

jai: AI sandboxing tool protects your files from rogue agents

Source: Hacker News

AI coding assistants given ordinary user-level access to a machine have already wiped users' files and emptied home directories, according to reports from people who ran them that way. jai addresses this with a lightweight sandbox that sits between the AI agent and your filesystem, so that a pasted one-line installer script or an AI-generated command cannot trash the rest of your system.

Unlike Docker or VMs, jai needs no images and no setup: you just prefix your command with jai. Your working directory stays fully writable, while your home directory is presented through a copy-on-write overlay, so the agent's writes are captured in the overlay and the originals are left untouched. The tool offers three isolation modes: casual, which guards against destructive writes but offers only weak confidentiality; strict, which gives the agent a copy-on-write view of your home directory; and bare, which gives it an empty private home.
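To make the layout above concrete, here is an added example (not jai's own code, and not from the article) of roughly what the one-word prefix is standing in for: a POSIX shell wrapper around bubblewrap (bwrap) that builds the "strict" (copy-on-write home) and "bare" (empty private home) layouts, with the working directory writable in both. The bwrap flag names are real, but the mapping of the two modes onto them is this example's own reading of the article's descriptions, and the version requirements are assumptions: bwrap 0.10 or later for `--overlay-src`/`--tmp-overlay`, and a kernel (5.11 or later) that allows unprivileged overlayfs inside a user namespace. The "casual" mode is left out because the page gives no concrete semantics for it.

```shell
#!/bin/sh
# Added example, not part of jai: approximate jai's "strict" and "bare"
# home-directory layouts with bubblewrap.  Assumes bwrap >= 0.10 (for the
# --overlay-src / --tmp-overlay flags) and a kernel that permits unprivileged
# overlayfs in a user namespace (5.11+).  The mode-to-flag mapping is this
# script's own interpretation of "copy-on-write home" / "empty private home".

# Print the bwrap argument list for MODE, one argument per line, so it can be
# inspected (and tested) without launching anything.
#   sandbox_args MODE [HOME_DIR] [WORK_DIR]
sandbox_args() {
    mode=$1
    home=${2:-$HOME}
    cwd=${3:-$PWD}

    # Common base: whole host filesystem read-only, private /dev and /proc,
    # every namespace unshared except network (agents usually need to fetch
    # packages), a fresh session (blocks TIOCSTI tricks against the parent
    # terminal), and the sandbox dies together with the parent shell.
    printf '%s\n' \
        --ro-bind / / \
        --dev /dev \
        --proc /proc \
        --unshare-all \
        --share-net \
        --new-session \
        --die-with-parent

    case $mode in
        strict)
            # Copy-on-write home: reads see the real $HOME, writes land in a
            # tmpfs upper layer that is discarded when the sandbox exits.
            printf '%s\n' --overlay-src "$home" --tmp-overlay "$home"
            ;;
        bare)
            # Empty private home: nothing from the real $HOME is visible.
            printf '%s\n' --tmpfs "$home"
            ;;
        *)
            echo "sandbox_args: unknown mode '$mode' (use strict|bare)" >&2
            return 2
            ;;
    esac

    # The working directory stays fully writable in every mode.  It is bound
    # after the home layer so the bind wins even when cwd lives under $HOME.
    printf '%s\n' --bind "$cwd" "$cwd" --chdir "$cwd"
}

# Launch a command inside the sandbox:
#   sandbox_run strict|bare -- command [args...]
sandbox_run() {
    mode=$1; shift
    [ "${1:-}" = "--" ] && shift
    case $mode in strict|bare) ;; *)
        echo "usage: sandbox_run strict|bare -- command [args...]" >&2; return 2;;
    esac
    [ "$#" -ge 1 ] || { echo "sandbox_run: no command given" >&2; return 2; }

    # "$@" currently holds the command.  Append the bwrap options (one per
    # line; paths containing newlines are not supported), then a "--", then
    # rotate the command to the end so the final argv is:
    #   bwrap <options> -- <command>
    cmd_argc=$#
    while IFS= read -r opt; do
        set -- "$@" "$opt"
    done <<EOF
$(sandbox_args "$mode")
EOF
    set -- "$@" --
    i=0
    while [ "$i" -lt "$cmd_argc" ]; do
        set -- "$@" "$1"; shift
        i=$((i + 1))
    done
    exec bwrap "$@"
}

# Only act when invoked directly with a mode and a command, e.g.
#   ./agent-sandbox.sh strict -- npx some-agent
if [ "$#" -ge 2 ]; then
    sandbox_run "$@"
fi
```

Note what each mode does and does not protect. In `strict` the agent can still read everything under your home directory (including `~/.ssh` and cloud credential files) because the overlay's lower layer is the real `$HOME`; only its writes are diverted. `bare` hides the home directory entirely. Both leave the rest of the host filesystem readable and, as written, share the host's network, so this is an integrity sandbox for your files, not a confidentiality boundary.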

Developed by Stanford's Secure Computer Systems research group, jai is not meant to replace containers; it fills a gap for quick, ad-hoc AI workflows. It is lighter than Docker for one-off sandboxing and simpler than bubblewrap's namespace setups. The developers describe jai as a 'casual sandbox' that reduces blast radius but does not eliminate all risks: the modes that expose your home directory protect its integrity, not its confidentiality, so an agent can still read whatever is there. Users who need hardened multi-tenant isolation should still use proper containers or VMs.