arjan/awesome-agent-sandboxes

Awesome Agent Sandboxes

A curated list of code-execution sandboxing solutions for AI/LLM agents.

Cloud

  • E2B - Open-source cloud runtime with Linux OS and SDK support.
  • AgentSphere - MicroVM sandboxes with MCP integration for secure LLM code execution.
  • Runloop - Fast devboxes with snapshots and repo connections.
  • Modal Sandboxes - Programmatic sandboxes at massive scale with sub-second startup, snapshotting, and fine-grained networking controls.
  • Deno Sandboxes - Millisecond boot times.
  • Sprites - Persistent Firecracker VMs with exec sessions and checkpoint/restore capabilities.
  • Cognitora - Firecracker microVMs with hardware-level isolation.
  • exe.dev - 2-second Ubuntu VMs for coding agents.
  • YepCode Run - Serverless JavaScript/Python execution with enterprise-grade sandboxing.
  • shellbox.dev - SSH-accessible Linux boxes.
  • Novita Sandbox - Agent deployment framework with SDK decorators and one-click configuration.
  • BlueRock Agent Sandbox - Commercial sandbox with full MCP visibility and action-level tracing.

Self-hosted / Open Source

  • AIO Sandbox - All-in-one container with browser, terminal, VS Code, Jupyter, and MCP.
  • Sandboxer - Forkable server for LLMs and agents.
  • Kubernetes Agent Sandbox - Kubernetes APIs with pluggable isolation backends (gVisor/Kata) for secure agent workloads at scale.
  • Arrakis - MicroVM isolation with snapshots and backtracking.
  • Bouvet - Rust-based sandbox.
  • Microsandbox - Self-hosted with VM-level isolation and under 200ms boot times.
  • SandboxAI - Multi-cloud infrastructure for AI-generated code.
  • Daytona - Open-source infrastructure with SDK/CLI.
  • Fence - Lightweight CLI sandbox with network and filesystem restrictions using OS-native tools.
  • Landrun - Landlock-based sandboxing without root.
  • nono - Capability-based shell using kernel-level security primitives.
  • yolo-cage - Anti-exfiltration sandbox.
  • Yolobox - Docker containers protecting home directory.
  • Flintlock - MicroVM lifecycle management backed by containerd for building higher-level solutions.
  • Volant - MicroVM orchestration with ~200ms cold start.
  • Capsule - WASM runners.
  • Enclave - JavaScript sandbox preventing code injection and prototype pollution.
  • Sandbox Agent - Universal API for Claude Code, Codex, OpenCode, and Amp.
  • pctx - Execution layer with type-checked Deno sandboxes.
  • pctx-sandbox - Python decorator for untrusted code.
  • AgentFence - Security testing platform for prompt injection and secret leakage vulnerabilities.
  • OpenServ - TypeScript framework for autonomous agents.

Others

  • Agents.one Playground - Upload Python agents and share public playground links for zero-install testing.
  • AI Agent Sandbox - Run agents in-browser with Pyodide.
  • Browser Use Sandboxes - Production browser automation.
  • ComputeSDK - Universal API across multiple cloud providers with automatic provider detection.
  • VibeKit - SDK supporting E2B, Daytona, Modal, and other providers.

Contributing

Contributions welcome! Please read the contribution guidelines first.
