diff --git a/sandboxed_api/sandbox2/policybuilder.cc b/sandboxed_api/sandbox2/policybuilder.cc
index bf6d4bf..8f6134c 100644
--- a/sandboxed_api/sandbox2/policybuilder.cc
+++ b/sandboxed_api/sandbox2/policybuilder.cc
@@ -1068,6 +1068,11 @@ PolicyBuilder& PolicyBuilder::AddPolicyOnSyscall(uint32_t num, BpfFunc f) {
 
 PolicyBuilder& PolicyBuilder::AddPolicyOnSyscalls(
     absl::Span<const uint32_t> nums, absl::Span<const sock_filter> policy) {
+  if (nums.empty()) {
+    SetError(absl::InvalidArgumentError(
+        "Cannot add a policy for empty list of syscalls"));
+    return *this;
+  }
   std::deque<sock_filter> out;
   // Insert and verify the policy.
   out.insert(out.end(), policy.begin(), policy.end());
diff --git a/sandboxed_api/sandbox2/policybuilder_test.cc b/sandboxed_api/sandbox2/policybuilder_test.cc
index c328562..8fcd7e1 100644
--- a/sandboxed_api/sandbox2/policybuilder_test.cc
+++ b/sandboxed_api/sandbox2/policybuilder_test.cc
@@ -96,7 +96,6 @@ TEST(PolicyBuilderTest, Testpolicy_size) {
   assert_increased();
   builder.AddPolicyOnSyscalls({ __NR_fchmod, __NR_chdir }, { ALLOW });
   assert_increased();
-  builder.AddPolicyOnSyscalls({ }, { ALLOW }); assert_increased();
 
   // This might change in the future if we implement an optimization.
   builder.AddPolicyOnSyscall(__NR_umask, { ALLOW }); assert_increased();