Yes, contain the network boundary, or "cut off a leg" as you put it.
But it's not a perfect or complete solution when speaking of agents. You can kill outbound, you can kill email, you can kill any type of network sync. Data can still leak through sneaky channels, and any malignant agent will be able to find those.
We'll need to set those up, and we also need to monitor any case where agents aren't pretty much in air-gapped sandboxes.