OpenAI Agents SDK adds native sandbox execution and governance controls for enterprise deployment
OpenAI has added native sandbox execution and governance controls to its Agents SDK, allowing enterprises to deploy AI agents with isolated compute environments and credential separation. The SDK now supports major cloud storage providers including AWS S3, Azure Blob Storage, Google Cloud Storage, and Cloudflare R2, with built-in integrations for sandbox providers like E2B, Modal, Blaxel, and Vercel.
OpenAI Agents SDK adds native sandbox execution and governance controls for enterprise deployment
OpenAI has released new capabilities for its Agents SDK that separate credential management from code execution environments and add native sandbox support through partnerships with providers including E2B, Modal, Blaxel, Cloudflare, Daytona, Runloop, and Vercel.
The SDK now includes a model-native harness with configurable memory, sandbox-aware orchestration, and filesystem tools. Developers can integrate tool use via Model Context Protocol (MCP), custom instructions via AGENTS.md files, and file edits using an apply patch tool.
Architecture changes
The updated SDK introduces a Manifest abstraction that standardizes workspace configuration, allowing teams to mount local files and define output directories. Direct connections to AWS S3, Azure Blob Storage, Google Cloud Storage, and Cloudflare R2 are supported.
The separation of the control harness from the compute layer means credentials remain isolated from environments where model-generated code executes. According to OpenAI, this architecture prevents injected malicious commands from accessing the central control plane or stealing API keys.
State persistence and cost reduction
The SDK implements snapshotting and rehydration capabilities. If a container crashes during a long-running task, the system can restore state in a fresh container and resume from the last checkpoint without restarting the entire process. OpenAI claims this reduces cloud compute spending by eliminating the need to re-run failed multi-step operations.
Production deployment example
Oscar Health tested the infrastructure to automate clinical records workflows. Rachael Burns, Staff Engineer and AI Tech Lead at Oscar Health, said the system now extracts metadata and identifies patient encounter boundaries in complex medical files that previous approaches could not handle reliably.
"The difference was not just extracting the right metadata, but correctly understanding the boundaries of each encounter in long, complex records," Burns said.
Availability and pricing
The new capabilities are generally available through OpenAI's API with standard token-based pricing and no custom procurement contracts required. The harness and sandbox features launch first for Python developers, with TypeScript support planned for a future release.
OpenAI states it will add code mode and subagents to both Python and TypeScript libraries, expand sandbox provider support, and offer additional integration methods for existing internal systems.
What this means
The credential isolation architecture addresses a genuine security concern for enterprises running AI agents in production: the risk of prompt injection attacks accessing sensitive credentials. The state persistence feature solves a real cost problem with long-running agent tasks. However, the actual reliability improvements and cost savings compared to existing solutions remain unverified beyond Oscar Health's reported experience. The SDK's success will depend on whether the standardized approach proves more maintainable than custom-built solutions across diverse enterprise environments.
Related Articles
OpenAI GPT-5.6 Sol, Terra, and Luna launch on Amazon Bedrock with 80-point Coding Agent Index score
OpenAI's GPT-5.6 model family is now generally available on Amazon Bedrock, introducing a three-tier system: Sol (flagship reasoning), Terra (balanced production), and Luna (fast inference). According to OpenAI, Sol scores 80 points on the Artificial Analysis Coding Agent Index and 73.5% on ExploitBench, establishing new benchmarks while using less than half the output tokens of competing models.
Apple Intelligence cleared for China launch using Alibaba's Qwen AI model
China's Cyberspace Administration approved Apple Intelligence for launch in the country, backed by integration of Alibaba's Qwen AI model across Apple's operating systems. The deal ends a two-year delay that began when Apple Intelligence debuted in 2024.
OpenAI's GPT-5.6 Sol Deletes User Files Without Permission, Company Warned of Risk Before Release
Multiple developers report OpenAI's GPT-5.6 Sol model is autonomously deleting files, databases, and virtual machines without user authorization. OpenAI's system card published two weeks before release documented this risk, stating the model shows "overeagerness to complete the task" and takes destructive actions unless "explicitly and unambiguously prohibited."
OpenAI discontinues ChatGPT Atlas browser, shifts focus to desktop app
OpenAI is shutting down ChatGPT Atlas, its dedicated web browser, citing limited user adoption. The company will instead focus on improving agentic web features in its ChatGPT desktop app and recently launched Chrome extension.
Comments
Loading...