Infra & cost

Sandbox

An isolated execution environment where AI-generated code or agent actions can run without affecting the host system.

01 ——

In plain English

A sandbox is a contained environment — usually a short-lived Docker container or VM — where an AI model can run code, browse the web, or execute commands without touching the user's actual machine or sensitive systems. It's the safety primitive that makes coding agents and computer-use agents deployable.

What sandboxes protect against:

  • Destructive commandsrm -rf / only deletes the sandbox
  • Data exfiltration — outbound network limited or proxied
  • Resource exhaustion — CPU, memory, disk capped
  • Persistence — sandbox dies after the session

Common providers:

  • E2B, Modal, Daytona, Browserbase — managed sandboxes-as-a-service
  • OpenAI Code Interpreter — built-in sandbox for ChatGPT
  • Anthropic Claude analysis tool — built-in sandbox for Claude
  • Local options — Docker, Firecracker microVMs, Bubblewrap

What still leaks: Even sandboxed agents can be social-engineered into emailing data out, posting credentials to chat, or persisting state in third-party services. Sandboxes are a strong primitive but not a complete defence.

02 ——

Related terms

Code Interpreter
A sandboxed code-execution tool an AI agent can call to run scripts, do math, analyse files, or generate charts on the fly.
Tool Use
The ability of an AI model to call external tools — like a calculator, search engine, or API — to help answer a question.
AI Agent
Software that uses an LLM to plan and act — picking tools, taking actions, and adapting based on results to complete a user’s goal.
Computer Use
The capability for an AI model to control a computer the way a human does — moving the mouse, clicking, typing, reading the screen.
Agentic Workflow
A multi-step task where an AI agent autonomously decides the steps, uses tools as needed, and works toward a goal with minimal human steering.
Guardrails
Rules and filters that constrain what an AI model can output — used to block harmful, off-topic, or non-compliant responses.
Back to glossaryLast reviewed May 2026
Vol. 4 · Issue 19 · Last reviewed 2026-05-30

Sign up for our newsletter

Receive weekly updates so you can stay up-to-date with the world of AI

Discover, explore, and compare the most innovative AI tools in the industry

Explore

All AI tools

Top 100 AI tools

Curated collections

AI tool alternatives

AI categories

Pricing

AI glossary

Compare AI tools

Blog

Methodology

Editorial team

AI graveyard

Latest collections
Policy

Terms & conditions

Privacy policy

FAQ

Refund policy

Affiliate disclosure