Pydantic Monty: Wild LLMs, from tool calling to computer use (Sponsor: Pydantic)

LLMs are increasingly being used to take actions, call APIs, and write code. But giving AI agents the ability to run code opens up a surprisingly tricky question: how much control do you actually hand over?  There's a full continuum here, from structured tool calling at one end to full computer use at the other, but most developers don't realise how many interesting options live in between. That gap matters, because the extremes both have serious trade-offs: pure tool calling is safe but sequential and limiting, while full sandboxes or computer use are powerful but complex, slow, and often a hard sell to enterprise security teams.  This talk introduces Monty, a minimal Python interpreter written in Rust, purpose-built for running AI-generated code safely. Unlike traditional sandboxing approaches that start with full access and try to lock things down, Monty starts from zero and requires you to explicitly grant each capability — meaning the LLM can only interact with the outside world through functions you wrote, control, and can audit. It's a new paradigm: not AI using your tools, but AI writing its own programs to coordinate your tools.  In this talk, you will learn how to think about the control-capability trade-off when building AI agents, where Monty sits on that spectrum and why, and how to use it with Pydantic AI to replace sequential tool calls with expressive Python — complete with a live demo traced through Logfire.  Basic familiarity with Python and LLM tool use is helpful but not required. No prior knowledge of Rust or sandboxing concepts needed.