OpenAI Agents SDK adds native sandbox execution and governance controls for enterprise deployment
OpenAI has added native sandbox execution and governance controls to its Agents SDK, allowing enterprises to deploy AI agents with isolated compute environments and credential separation. The SDK now supports major cloud storage providers including AWS S3, Azure Blob Storage, Google Cloud Storage, and Cloudflare R2, with built-in integrations for sandbox providers like E2B, Modal, Blaxel, and Vercel.
OpenAI has released new capabilities for its Agents SDK that separate credential management from code execution environments and add native sandbox support through partnerships with providers including E2B, Modal, Blaxel, Cloudflare, Daytona, Runloop, and Vercel.
The SDK now includes a model-native harness with configurable memory, sandbox-aware orchestration, and filesystem tools. Developers can integrate tool use via Model Context Protocol (MCP), custom instructions via AGENTS.md files, and file edits using an apply patch tool.
Architecture changes
The updated SDK introduces a Manifest abstraction that standardizes workspace configuration, allowing teams to mount local files and define output directories. Direct connections to AWS S3, Azure Blob Storage, Google Cloud Storage, and Cloudflare R2 are supported.
The separation of the control harness from the compute layer means credentials remain isolated from environments where model-generated code executes. According to OpenAI, this architecture prevents injected malicious commands from accessing the central control plane or stealing API keys.
State persistence and cost reduction
The SDK implements snapshotting and rehydration capabilities. If a container crashes during a long-running task, the system can restore state in a fresh container and resume from the last checkpoint without restarting the entire process. OpenAI claims this reduces cloud compute spending by eliminating the need to re-run failed multi-step operations.
Production deployment example
Oscar Health tested the infrastructure to automate clinical records workflows. Rachael Burns, Staff Engineer and AI Tech Lead at Oscar Health, said the system now extracts metadata and identifies patient encounter boundaries in complex medical files that previous approaches could not handle reliably.
"The difference was not just extracting the right metadata, but correctly understanding the boundaries of each encounter in long, complex records," Burns said.
Availability and pricing
The new capabilities are generally available through OpenAI's API with standard token-based pricing and no custom procurement contracts required. The harness and sandbox features launch first for Python developers, with TypeScript support planned for a future release.
OpenAI states it will add code mode and subagents to both Python and TypeScript libraries, expand sandbox provider support, and offer additional integration methods for existing internal systems.
What this means
The credential isolation architecture addresses a genuine security concern for enterprises running AI agents in production: the risk of prompt injection attacks accessing sensitive credentials. The state persistence feature solves a real cost problem with long-running agent tasks. However, the actual reliability improvements and cost savings compared to existing solutions remain unverified beyond Oscar Health's reported experience. The SDK's success will depend on whether the standardized approach proves more maintainable than custom-built solutions across diverse enterprise environments.