Open Source
Explore the latest AI open-source projects from GitHub and HuggingFace.
Explore the latest AI open-source projects from GitHub and HuggingFace.
CubeSandbox is Tencent's open-source secure sandbox service purpose-built for running untrusted, AI-agent-generated code. Built on RustVMM and KVM, it creates a hardware-isolated, fully serviceable sandbox in under 60ms with less than 5MB of memory overhead, and it is compatible with the E2B SDK out of the box. The project supports both single-node deployment and easy scaling to multi-node clusters, targeting teams that need to execute LLM-produced code at scale without exposing their infrastructure. ## Hardware-Level Isolation Unlike Docker containers that share the host kernel, each CubeSandbox instance gets its own dedicated Guest OS kernel, combined with eBPF-based controls. This microVM approach eliminates the shared-kernel escape surface that makes container isolation risky for arbitrary code, letting agents run untrusted, model-generated programs safely. It is the core reason CubeSandbox is positioned for production AI Agent code execution rather than lighter-weight container sandboxes. ## Sub-60ms Boot and High Density CubeSandbox aggressively strips the guest to reach an average cold start under 60ms and per-instance overhead below 5MB, enabling thousands of concurrent sandboxes on a single node. Under load, benchmarks report roughly 67ms average and P95 around 90ms at moderate concurrency, staying consistently sub-150ms. AutoPause and AutoResume let idle sandboxes suspend and wake on the next request, optimizing cost for bursty agent workloads. ## Drop-in E2B Compatibility The service exposes native E2B SDK compatibility, so teams already building on E2B can migrate by swapping a single URL environment variable with zero business-code changes. This lowers adoption friction significantly and makes CubeSandbox a self-hosted alternative for organizations that want to keep code execution on their own hardware. ## Snapshot, Clone, and Rollback Version 0.3 introduced the CubeCoW copy-on-write snapshot engine, enabling event-level snapshots, instant cloning, and rollback to any saved state at hundred-millisecond granularity. This is valuable for reinforcement-learning environments and reproducible agent runs, where forking from a checkpoint or reverting to a known-good state is a common operation. ## Security and Operations Tooling CubeSandbox ships a credential vault so agents can call LLMs and external APIs while keys never enter the sandbox, model context, or logs. Egress control provides domain allowlists, instant blocking of unauthorized traffic, and full audit logs for compliance. A browser-based web console manages sandboxes, templates, nodes, and a version matrix, while a template system turns OCI images into distributable templates in one step. Recent releases added Terraform one-click cluster deployment, native ARM64 support, and network policy hardening. ## Assessment CubeSandbox addresses a concrete and growing problem: safely executing code that autonomous agents write. Its microVM architecture, E2B compatibility, and snapshot tooling make it a credible self-hosted option, though the custom RustVMM/KVM stack and multi-node operations imply a steeper setup and infrastructure requirement than a simple container runtime. It is best suited to platform teams building agent products who need strong isolation and cost-efficient density on their own hardware.