Add brood-box to Tools section

This PR adds brood-box to the Tools section of the awesome list.

What is brood-box?

brood-box is a CLI tool that runs AI coding agents (Claude Code, Codex, OpenCode) inside hardware-isolated microVMs. It provides multiple layers of security to protect developer environments from the risks of autonomous AI agents:

• Hardware isolation via microVMs — Each agent session runs inside a lightweight virtual machine, preventing a compromised or manipulated agent from accessing the host system. This defends against credential theft and unauthorized access to sensitive files.
• Snapshot isolation — A copy-on-write workspace snapshot is created before the agent starts, with interactive review of all changes before they are flushed back. This prevents unreviewed or malicious modifications from reaching the real workspace.
• Egress control — DNS-aware network policies restrict outbound connections, mitigating data exfiltration by limiting what the agent can communicate with.
• MCP authorization profiles — Cedar-based authorization policies control what MCP operations an agent can perform (full-access, observe-only, safe-tools, or custom), reducing the blast radius of prompt injection attacks.

Why it fits the Tools section

brood-box is a practical, open-source security tool that directly addresses the risks introduced by giving AI coding agents access to developer environments. It fits alongside other tools in this list that focus on securing agentic AI workflows.

🤖 Generated with Claude Code and Brood Box