The sandboxed agent and AV should ideally not run on the same host, because if they did then you're right that a sufficiently sophisticated agent like Mythos could try to reverse engineer and like find kernel exploits to gain access to AV credentials.
For this reason, you'd want to keep the two separate; we have some ideas in the works for that atm but largely still experimental.