Introducing Sandbox0

Today we're open-sourcing Sandbox0 — an enterprise-grade AI agent sandbox with persistent storage, sub-200ms cold starts, and operator-first self-hosting.

Why We Built This#

Modern AI agents need more than a container. They need a runtime that persists state between sessions, enforces network policy, and starts fast enough to be useful in real workflows.

We started building Sandbox0 because the existing options forced a tradeoff: either you got simplicity with no persistence, or you got persistence with unacceptable cold-start latency.

Sandbox0 resolves that tradeoff with three core ideas:

• Warm pools keep sandbox runtimes pre-initialized. A claim operation completes in under 200ms even for complex environments.
• Volumes are first-class primitives. State persists across sessions, and you can snapshot, restore, and fork volumes the same way you'd manage a database backup.
• Network policy is built in. Egress control and DNS protections are applied per-sandbox, not per-cluster.

The Open Source Core#

The core of Sandbox0 — manager, internal-gateway, storage-proxy, netd, and procd — is now open source under the Apache 2.0 license.

bash
git clone https://github.com/sandbox0-ai/sandbox0

The operator-based installation gets you a working single-cluster deployment:

bash
kubectl apply -f https://raw.githubusercontent.com/sandbox0-ai/sandbox0/main/install.yaml

What's Included#

What Comes Next#

The SaaS platform (sandbox0-cloud) is in private beta. It adds multi-region routing, billing, team management, and a managed control plane so you don't have to run edge-gateway and scheduler yourself.

If you're interested in the self-hosted path, the docs cover installation and configuration in detail.

We're grateful to the teams who helped validate these ideas early. If you're building AI agent infrastructure and want to talk architecture, reach out at contact@sandbox0.ai.