HACKER Q&A
📣 ekns

Could LLMs be used for sandboxing programs?


Today I was thinking that for many programs, you could probably formulate some restrictions on what exactly they should be able to do using LLMs (access home/dotfiles/secrets, network, etc.)

It's cumbersome to set up the configuration for exactly the "expected" capabilities (at least I never bother). So I was wondering, could one do something like trapping syscalls and using an LLM as an exception handler for each category, until a complete profile is built for the program? After that, there should be no overhead for the LLM/sandboxer.

The top-level input would be something like "foo is a multiplayer game" or "baz is like youtube-dl".
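
The learn-then-enforce loop the question sketches, as an added simulation that is not part of the original post: the LLM is replaced by a fixed rule table (`ORACLE_RULES`, an assumption), the home directory, syscall trace and categories are constructed, and the point shown is that the oracle is consulted once per category and the cached profile decides everything after that.

```python
# Added example: simulated "trap syscall -> ask oracle once per category ->
# cache in profile" sandbox. The oracle here is a rule table standing in for
# the LLM; HOME, SECRET_DIRS and the trace are constructed, not captured.

HOME = "/home/u"                                   # constructed home directory
SECRET_DIRS = ("/.ssh/", "/.aws/", "/.gnupg/", "/.netrc")

def categorize(event):
    """Map a trapped syscall (name, argument) to a coarse capability category."""
    name, arg = event
    if name in ("socket", "connect", "sendto"):
        return "network"
    if name in ("open", "openat"):
        if any(arg.startswith(HOME + d) for d in SECRET_DIRS):
            return "secrets"                       # checked before generic dotfiles
        if arg.startswith(HOME + "/."):
            return "dotfiles"
        if arg.startswith(HOME + "/"):
            return "home"
        return "system"
    return "other"

# Hypothetical stand-in for the LLM: what a program described like this may do.
ORACLE_RULES = {
    "multiplayer game": {"network", "system"},
    "like youtube-dl": {"network", "system", "home", "dotfiles"},
}

def rule_oracle(description, category):
    """Answer 'may a program described like this use this category?'; default deny."""
    for key, allowed in ORACLE_RULES.items():
        if key in description:
            return category in allowed
    return False

class LearningSandbox:
    def __init__(self, description, oracle=rule_oracle):
        self.description, self.oracle = description, oracle
        self.profile = {}          # category -> allowed; this is the learned profile
        self.oracle_calls = 0

    def handle(self, event):
        """Return True if the syscall is allowed; the oracle is asked only on the
        first event of a category, and it sees just the human-supplied description
        and the category label, never program-controlled strings."""
        category = categorize(event)
        if category not in self.profile:
            self.profile[category] = self.oracle(self.description, category)
            self.oracle_calls += 1
        return self.profile[category]

def run_trace(description, trace):
    sb = LearningSandbox(description)
    decisions = [sb.handle(e) for e in trace]
    return decisions, sb.profile, sb.oracle_calls

# Constructed trace for "baz is like youtube-dl" (203.0.113.10 is a documentation address).
BAZ_TRACE = [
    ("openat", "/usr/lib/libssl.so"),
    ("connect", "203.0.113.10:443"),
    ("openat", HOME + "/.config/baz/config"),
    ("openat", HOME + "/Downloads/video.mp4"),
    ("openat", HOME + "/.ssh/id_ed25519"),
    ("connect", "203.0.113.10:443"),               # second network event: no oracle call
]

if __name__ == "__main__":
    print(run_trace("baz is like youtube-dl", BAZ_TRACE))
```

Once every category a program uses has been seen, `profile` can be exported as a static policy and the oracle dropped from the path entirely.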


  👤 al2o3cr Accepted Answer ✓
What happens when a malicious program figures out the syscall-pattern equivalent of a "pretend I'm a hypervisor" prompt?