Secure sandboxes for every interaction

Enclaves are the fast, secure sandboxes that run every integration on Metorial. Integration code is always isolated and monitored, down to every user, connection, and tool call.


Enclaves

Everything runs in a fast, secure sandbox

Connecting agents to your systems means running integration code, sometimes code you didn't write. On Metorial, that code never runs loose. Every integration runs inside an enclave: a fast, secure sandbox that keeps it isolated and monitored. The convenience of connecting tools never comes at the cost of security.

  1. Sandbox every integration.

    All integration code runs inside an isolated enclave. It's always contained and never running directly on shared infrastructure.

  2. Keep it fast.

    Enclaves are built to be lightweight and quick as well as strongly isolated. Strong security doesn't slow down the work agents are doing.

  3. Isolate down to every interaction.

    It isn't one sandbox per customer. Every user, connection, and tool call gets its own enclave. The blast radius of anything going wrong stays tiny.

How enclaves protect you

Sandboxing, network control, and monitoring

Enclaves are the runtime boundary that the rest of Metorial's protections build on.

Sandboxing

Every integration contained

First-party integrations, custom MCP servers, and Docker MCP servers all run sandboxed, down to individual tool calls.

Network

Controlled traffic

Firewalls govern inbound and outbound traffic for every enclave. Integrations only reach what they should.

Monitoring

Monitored and controlled

Activity is monitored, and a misbehaving integration can be contained and its invalid traffic blocked.

How the sandboxes work

Fast, secure, and isolated everywhere

  1. Integrations sandboxed: Every
  2. Isolation scope: Per user, connection, and tool call
  3. Performance: Fast
  4. Network rules per enclave: Yes

Sandbox every integration. Keep it fast. Isolate every interaction. Contain anything that misbehaves.

FAQ

Answers to common questions about enclaves and how they fit into governed AI agent infrastructure.

  1. What are Metorial enclaves?
    Enclaves are the fast, secure sandboxes that run every integration on Metorial. Integration code always runs inside one, isolated and monitored. It never runs loose on shared infrastructure.
  2. Yes. Every integration runs inside an enclave by default. All the code connecting agents to your systems is always contained.
  3. No. Enclaves are built to be fast as well as strongly isolated. You get production-grade security without the latency heavy sandboxing usually adds.
  4. Very. It isn't one sandbox per customer. Every user, connection, and tool call gets its own enclave. The blast radius of any single interaction is minimal.
  5. First-party integrations, custom MCP servers, and Docker MCP servers all run inside enclaves.
  6. Enclaves are sandboxed and monitored. A malicious or misbehaving integration can be contained and its invalid traffic blocked without affecting others.
  7. Yes. Firewalls let you apply network rules to control inbound and outbound traffic for every enclave.

Run every integration in a secure sandbox

See how enclaves run every integration in a fast, secure, monitored sandbox, down to every interaction.