/ Kiz8/ Tech review/ Sandbox

Sandbox.

/ Where agents run code.

Compute sandboxes for AI agents — microVMs, containers, and snapshot architectures that let agents run code, browse the web, and persist state without crashing each other or the host.

46 vendors·Last update 2026-05-18

/ tab
Timeline(35)Trend(10)Sandboxes data(46)Companies(10)Founders(54)Market data(7)

/ timeline · Industry chronology

Eight years of
the sandbox stack

From Google's gVisor open-source release to Rivet Agent OS — how AI-native compute went from a single milestone per year to one per week.

May 2018 → Jun 202635 milestones · 30+ companies Live · updated weekly

Total milestones

35

May 2018 → Jun 2026

Last 18 months

26

74% of all activity

Funding rounds

9

Seed → growth

Launches & GAs

12

Public products

Months from 1st AI sandbox

34

E2B seed → today

Milestones per year — the acceleration

Fig. 01 · annual count

2
0
1
2
1
1
2
14
12
2018
2019
2020
2021
2022
2023
2024
2025
2026
Era I · foundational sandboxing (2018 — 2022)Era II · first AI sandboxes (2023 — 2024)Era III · cambrian acceleration (2025 — )
May2018
OS

Google open-sources gVisor

Alternative to full VMs for container sandboxing — the first user-space kernel that would seed an entire industry.

Nov2018
OS

AWS open-sources Firecracker at re:Invent

MicroVMs with sub-second boot at scale — the substrate Lambda, Fly.io and a dozen sandboxes would later build on.

No tracked activity this year.
Jul2020
GA

Cloudflare Workers GA

V8 isolates for edge functions with 1 ms boot — proves serverless can run inside a browser engine.

Jun2021
FOUNDED

Modal founded by Erik Bernhardsson

gVisor-based serverless compute aimed at data and ML workloads.

Nov2021
FUND

Northflank Series A — £12M

Full-stack development platform; early signal that container-platforms-as-a-service can fund up.

Jun2022
OS

Cloudflare forks gVisor → Secure EC

Edge-optimized container sandboxing; the security model that would become Sandbox SDK.

Aug2023
FUND

E2B raises $7.85M seed

First dedicated "sandbox for AI agents" startup. Pre-ChatGPT-tooling-rush.

Apr2024
GA

E2B public API + language SDKs

General availability for AI agent builders. The reference API the rest of the industry would copy.

Sep2024
BETA

Cloudflare Sandbox SDK (private beta)

Browser preview + isolated APIs; Cloudflare's edge primitives repositioned for agents.

Jan2025
PIVOT

Daytona pivots to AI sandboxes

"Built a beta on New Year's Eve without telling anyone." Dev-environment startup repositions overnight.

Feb2025
LAUNCH

Sprites / Fly.io launches

"Disposable computer" — copy-on-write checkpoints, fork-a-VM-in-25ms.

Mar2025
HN #1

noho hits #1 on Hacker News

Kernel-native agent security. The category goes mainstream-developer-aware.

Apr2025
BETA

Cloudflare Sandbox SDK — public beta

Tiered isolation model documented in public; reference design for edge sandboxes.

Jun2025
FUND

Chainguard raises $280M growth round

Valuation reaches $3.5B. Container security crosses into household-name territory.

Jul2025
FUND

Northflank Series A — $22.5M

Bain Capital leads; expands sandbox + BYOC infrastructure for enterprise.

Jul2025
FUND

E2B Series A — $21M

Insight Partners; valuation north of $200M. The category-defining startup gets its A.

Jul2025
FUND

Blaxel seed — $7.3M (YC S25)

First Round leads; 25 ms resume becomes the new throughput benchmark.

Aug2025
M&A

CodeSandbox acquired by Together AI

$15.1M total raised before exit; first AI-focused consolidation in the space.

Sep2025
FUND

StackBlitz Series B — $105.5M

$700M valuation. Emergence Capital + GV. Browser-VMs cross the unicorn-adjacent line.

Oct2025
FOUNDED

ComputeSDK founded (ex-StackBlitz)

Meta-aggregator approach — abstract over every sandbox provider.

Oct2025
LAUNCH

Smolmachines launches (YC S26)

Local-first microVMs distributed as .smolmachine files. New artifact format.

Nov2025
OS

Mirage v0.0.1 released

Unified virtual filesystem for sandboxed agents — read-anywhere, write-isolated.

Dec2025
LAUNCH

Hopx / Bunnyshell launches

AI sandbox tuned for dev-workflow snapshots; positions against E2B for code-execution.

Jan2026
LAUNCH

Fence Sandbox launches

Container-free OS-level sandboxing — sidesteps the runc/OCI surface entirely.

Jan2026
FUND

Chainguard $280M growth round

$3.5B valuation re-stated as round closes; security tooling continues to scale.

Jan2026
GA

Vercel Sandbox GA

Sub-100 ms boot via Firecracker. The largest frontend platform ships sandbox-as-primitive.

Feb2026
FUND

Daytona Series A — $24M

FirstMark Capital leads. The Jan-2025 NYE pivot pays off thirteen months later.

Feb2026
LAUNCH

Cased launches

Multi-provider Python library — write once, run on any sandbox backend.

Mar2026
REL

SMFS v0.0.5

Semantic-grep filesystem; agents search code by meaning, not regex.

Mar2026
OSS

Open Sandbox Alibaba — 3,845 stars / 72 h

CNCF-listed; multi-engine. Open-source momentum from Asia hits hockey-stick.

Apr2026
LAUNCH

Castari launches (YC F25)

"Vercel for AI agents." Bundles compute, sandbox, and agent runtime into one deploy target.

Apr2026
GA

Runloop — GA launch

Custom bare-metal hypervisor; targets long-running agent sessions where snapshots matter.

Apr2026
SCALE

Koyeb expands to 250+ regions

14 ms container boot. Edge sandboxing reaches CDN-grade global coverage.

May2026
REL

Microsandbox v0.4.5

Local-first sandbox with built-in MCP server — agents bring their own tools.

Jun2026
REL

Rivet Agent OS v0.1.1

V8-based; 6 ms cold start. New floor on what "instant compute" means.

● funding · ● launch · ○ release · ◇ milestone — 9 rounds, 12 launches, 35 total

Active tab: Timeline