Sandbox.

microVM-per-frame cloud SaaS for Claude Code / Codex CLI / Cursor

gVisor/runc cloud sandbox with GPU (A10G, RTX 4090, H100), per-ms billing

Firecracker microVMs, sub-25ms standby resume, 16 regions

Agent sandbox built on E2B; TS / Claude Agent SDK only

Per-sandbox container in Cloudflare Workers; 300+ edge locations

Container sandboxes with sub-90ms cold start, warm pools, GPU SKUs

Firecracker sandboxes inside Deno Deploy; JS/TS + Python, CPU-only

Canonical Firecracker code-interpreter sandbox; hybrid managed + BYOC

Firecracker by Bunnyshell, ~100ms cold start, pay-per-use

Firecracker SaaS, sub-200ms cold start; Python/JS/Bash SDKs

Snapshot-forking VMs on AMD EPYC Zen 5 bare-metal; ~26ms spin-up

HW-virtualized microVMs tightly coupled to LangChain; GPU on roadmap

gVisor sandboxes inside Modal's serverless GPU platform (T4 → B200)

Alibaba OSS sandbox with gVisor/Kata/runc; Apache 2.0

Firecracker-default (Docker fallback) sandboxed eval for agents

Ephemeral micro-VMs with container layer, deploy-to-VPC option

Firecracker by PandastackIO with userfaultfd snapshot/restore; Agent Forking

Firecracker sandboxes via Fly.io APIs, per-second billing

Per-agent / per-tool-call Firecracker; CIDR+domain network policies

Firecracker with GPU SKUs (a16z-backed, acquired Upstash)

Docker-based serverless sandbox with auto-pause; now under Tensorlake

Firecracker on Amazon Linux 2023; sub-second cold start, OSS SDK

Firecracker hosted "computers" for agents, $20/mo flat, OSS self-host

Apple Virtualization via Lume; macOS/Linux/Windows/Android sandboxes

KVM VMs with hibernate/wake; ~300ms resume; hybrid managed + OSS

Firecracker CDE with Sandpack SDK, 500ms P95 snapshot resume

Kubernetes-based always-hot dev/staging/prod; no cold starts

KVM persistent VMs with disks, IAM, TLS/DNS; 9 regions

Bare-metal microVM dev/CI infrastructure; NEA-backed

OS-level sandbox wrapping any CLI agent (sandbox-exec + bubblewrap/Landlock)

libkrun MicroVM, self-hosted-only OSS; TS/Rust/Python SDKs

Local Landlock + Seatbelt sandbox by Sigstore creator Luke Hinds

Local OS sandbox + bring-your-own-cloud Docker deploy

libkrun VM-per-workload CLI; KVM + Hypervisor.framework; from Fly.io

Local-first macOS app using Apple Virtualization.framework; real VM isolation

V8 isolates / WebAssembly agent OS, ~6.1ms cold start; hybrid

Wasmer-powered WebAssembly sandbox with <5ms restore; global edge

Full Node.js runtime in-browser via WASM; client-side only

Provider-agnostic Python lib wrapping E2B, Modal, Daytona, Vercel, Fly.io

Provider-agnostic JS/TS + Python SDK; 8 providers including Blaxel

Docker-build acceleration + agent sandbox SKU; YC W23, $14.1M

KVM full-VM sandbox + serverless deployments; Landlock isolation

Long-running OSS code-execution judge (Isolate + Docker), 60+ languages

Serverless containers with GPU; acquired by Mistral AI Feb 2026

Multi-runtime serverless platform (Firecracker/Kata/gVisor); BYOC

OSS workflow platform with AI Sandboxes (nsjail); 16,470 stars