CubeSandbox: a high-performance secure sandbox service for AI agents with hardware-level isolation and sub-60ms boot times

CubeSandbox: a high-performance secure sandbox service for AI agents with hardware-level isolation and sub-60ms boot times

What it solves

AI agents often need to execute untrusted code generated by LLMs. Doing this in standard containers (like Docker) is risky because they share the same OS kernel, making them vulnerable to "escapes." CubeSandbox provides a high-performance, hardware-isolated environment where each agent gets its own dedicated kernel, ensuring that malicious or buggy code cannot compromise the host system while maintaining the speed of a lightweight container.

How it works

Built on RustVMM and KVM, CubeSandbox creates MicroVMs that boot in under 60ms with minimal memory overhead (<5MB). It uses a custom architecture comprising a Rust-based API gateway (CubeAPI), a cluster orchestrator (CubeMaster), and an eBPF-based virtual switch (CubeVS) for network isolation. It is designed to be a drop-in replacement for the E2B SDK, allowing developers to migrate by simply changing a URL environment variable.

Who it’s for

Developers building AI agents that require a secure, scalable way to execute code, run browser automation, or perform RL training without managing complex virtualization infrastructure.

Highlights

  • Extreme Performance: Cold starts in under 60ms and ultra-low memory footprints allow thousands of sandboxes to run on a single node.
  • Hardware-Level Isolation: Each instance has its own Guest OS kernel, preventing shared-kernel escapes.
  • State Management: The CubeCoW engine enables hundred-millisecond snapshots, cloning, and rollbacks to any saved state.
  • Security Tooling: Includes a credential vault to keep API keys out of the sandbox and an egress gateway for domain allowlisting and auditing.
  • Operational Ease: Features a Web console for visual management of templates and nodes, and supports Terraform for one-click cluster deployment.

Sources