product update · OpenAI

OpenAI adds sandbox isolation to Agents SDK for secure AI agent deployment

TL;DR

OpenAI has released a major update to its Agents SDK that adds native sandbox support for running AI agents in isolated environments. The framework bundles Model Context Protocol tool usage, code execution, file editing, and custom instructions, with support for sandbox providers including Cloudflare, Vercel, E2B, and Modal.



OpenAI has shipped a major update to its Agents SDK that introduces native sandbox support for running AI agents in isolated environments with separate files, tools, and dependencies.

The Agents SDK provides developers with building blocks for AI agents that can check files, run commands, edit code, and handle extended tasks. The framework integrates tool usage through the Model Context Protocol (MCP), code execution via a shell tool, file editing with an apply-patch tool, and custom instructions through AGENTS.md files.

Sandbox isolation for production deployment

The key addition is native support for isolated execution environments. According to OpenAI, agents now run in sandboxes with their own files, tools, and dependencies, separating control logic from the computing environment.

The SDK supports sandbox providers including Cloudflare, Vercel, E2B, and Modal. Developers can also integrate custom sandbox solutions.

OpenAI claims this separation makes agents more secure, stable, and easier to scale. If an agent encounters an error, it can resume execution in a fresh container from where it stopped.

File management and workspace support

The SDK includes a manifest function that describes the workspace and supports both local files and cloud storage services including AWS S3, Google Cloud Storage, and Azure Blob Storage.

The framework connects user input, AI models, and tools into a unified system for building AI agents.

Availability and pricing

The sandbox features are available in Python now, with TypeScript support coming later. Standard OpenAI API pricing applies to usage.

No specific release date was provided for the TypeScript version.

What this means

Sandbox isolation addresses a critical security concern for AI agents that execute code and access files. Running agents in containerized environments limits potential damage from errors or malicious inputs. The support for multiple sandbox providers gives developers deployment flexibility, though the security effectiveness will depend on how thoroughly these sandboxes restrict agent capabilities. This positions the Agents SDK as infrastructure for production agent deployments rather than just prototyping.
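The separation the article describes, control logic kept outside a disposable execution environment so a failed run can be resumed in a fresh one, is illustrated below in an added example. This is not the OpenAI Agents SDK's API and not OpenAI's code; every class and function name (LocalSandbox, AgentRun, Step, SandboxError, demo) is a hypothetical stand-in. The sandbox here is a temporary directory with three of the restrictions a practitioner would check for in any provider: file paths confined to the workspace root, commands run with a pinned working directory and a clean environment, and a timeout on every command. The run state (plan, checkpoint, manifest of workspace files) lives in the controller, so when the first sandbox refuses a step the controller discards it, creates a new one, re-seeds the workspace from the manifest and continues from the last completed step.

```python
"""Added illustration of control logic separated from a disposable sandbox.
NOT the OpenAI Agents SDK API; all names are hypothetical."""
from __future__ import annotations

import shlex
import shutil
import subprocess
import tempfile
from dataclasses import dataclass, field
from pathlib import Path


class SandboxError(Exception):
    """Raised when the sandbox refuses or fails a step."""


@dataclass
class LocalSandbox:
    """Minimal disposable environment rooted in a temp dir (hypothetical stand-in
    for a provider-backed sandbox such as the ones the article lists)."""
    root: Path = field(default_factory=lambda: Path(tempfile.mkdtemp(prefix="agent-sbx-")))
    timeout: float = 5.0

    def _confine(self, relpath: str) -> Path:
        # Resolve against the workspace root and refuse anything that escapes it
        # (e.g. "../escape.txt" or an absolute path).
        root = self.root.resolve()
        target = (root / relpath).resolve()
        if target != root and root not in target.parents:
            raise SandboxError(f"path escapes workspace: {relpath}")
        return target

    def write_file(self, relpath: str, content: str) -> None:
        target = self._confine(relpath)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)

    def read_file(self, relpath: str) -> str:
        return self._confine(relpath).read_text()

    def run(self, argv: list[str]) -> str:
        # Working directory pinned to the workspace, clean environment, hard timeout.
        try:
            proc = subprocess.run(argv, cwd=self.root, env={"PATH": "/usr/bin:/bin"},
                                  capture_output=True, text=True,
                                  timeout=self.timeout, check=False)
        except subprocess.TimeoutExpired as exc:
            raise SandboxError(f"timed out: {shlex.join(argv)}") from exc
        if proc.returncode != 0:
            raise SandboxError(f"exit {proc.returncode}: {proc.stderr.strip()}")
        return proc.stdout

    def destroy(self) -> None:
        shutil.rmtree(self.root, ignore_errors=True)


@dataclass
class Step:
    kind: str     # "write" (relpath, content) or "run" (argv...)
    args: tuple


@dataclass
class AgentRun:
    """Control logic: plan, checkpoint and workspace manifest are held here,
    outside any sandbox, so a failed sandbox can be replaced and the run resumed."""
    plan: list[Step]
    completed: int = 0
    manifest: dict[str, str] = field(default_factory=dict)  # files that describe the workspace
    log: list[str] = field(default_factory=list)            # stdout of each run step

    def execute(self, sandbox: LocalSandbox) -> int:
        # Seed the (possibly fresh) sandbox from the manifest, then continue from the checkpoint.
        for name, content in self.manifest.items():
            sandbox.write_file(name, content)
        while self.completed < len(self.plan):
            step = self.plan[self.completed]
            if step.kind == "write":
                sandbox.write_file(*step.args)
                self.manifest[step.args[0]] = step.args[1]  # keep the workspace re-creatable
            elif step.kind == "run":
                self.log.append(sandbox.run(list(step.args)))
            else:
                raise SandboxError(f"unknown step kind: {step.kind}")
            self.completed += 1  # checkpoint only after the step succeeded
        return self.completed


def demo() -> dict:
    """Constructed scenario: step 3 tries to write outside the workspace and is refused;
    the run is resumed in a fresh sandbox after the offending step is replaced."""
    run = AgentRun(plan=[
        Step("write", ("src/hello.txt", "hello from the agent\n")),
        Step("run", ("cat", "src/hello.txt")),
        Step("write", ("../escape.txt", "should be refused")),
    ])
    first = LocalSandbox()
    try:
        run.execute(first)
        refused = False
    except SandboxError:
        refused = True
    first.destroy()                      # discard the failed environment
    resumed_from = run.completed         # checkpoint survives outside the sandbox
    run.plan[2] = Step("write", ("notes.txt", "stay inside the workspace\n"))
    second = LocalSandbox()
    finished = run.execute(second)
    result = {"refused": refused, "resumed_from": resumed_from, "finished": finished,
              "seeded": second.read_file("src/hello.txt"),
              "notes": second.read_file("notes.txt"), "log": run.log}
    second.destroy()
    return result


if __name__ == "__main__":
    print(demo())
```

The point to take from the demo is where the state lives: the sandbox can be thrown away at any time, and the only things the controller needs to rebuild an equivalent one are the manifest and the checkpoint index. A provider-backed sandbox would replace LocalSandbox; the confinement, environment and timeout checks are the ones worth verifying against whichever provider is used, since, as the article notes, the security benefit depends on how thoroughly the sandbox restricts the agent.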

