It’s an idea that obfuscates keys a bit, but how are you going to prevent the agent from gaining access to the vault and keys itself? I’ve seen it reverse engineer many things to expose the underlying credentials. I can only think of running this on a firewall that the agent can’t access to prevent escalation.
The sandboxed agent and AV should ideally not run on the same host, because if they did, then you're right that a sufficiently sophisticated agent like Mythos could try to reverse engineer and, like, find kernel exploits to gain access to AV credentials.
For this reason, you'd want to keep the two separate; we have some ideas in the works for that atm but largely still experimental.