LangSmith Sandboxes Enable Safe Agent Code Execution with MicroVMs

LangChain has made LangSmith Sandboxes generally available, providing kernel-isolated microVMs for AI agents. These environments allow agents to safely execute untrusted, model-generated code, enabling complex workflows without compromising infrastructure security. This shifts agents from answering questions to autonomously performing work in production environments.

LangSmith Sandboxes are now generally available, offering secure, scalable environments for AI agent code execution. Each sandbox runs as a hardware-virtualized microVM (micro-virtual machine), kernel-isolated from services and other sandboxes, ensuring security for untrusted, model-generated code. The sandboxes integrate with the Deep Agents SDK and the LangSmith platform.

Availability: Generally Available
Isolation: Hardware-virtualized microVMs, kernel-isolated
Key Features: Snapshots, cheap copy-on-write forks, Service URLs, Sandbox CLI, Auth Proxy
Integration: Deep Agents SDK, LangSmith platform
Security: Creator-private by default, Auth Proxy for credentials
Customer Use: monday.com's Sidekick AI assistant

The need for strong isolation arises from risks like supply-chain attacks, such as the Shai-Hulud npm worm, and kernel exploits like Copy Fail (CVE-2026-31431), which can bypass container-level security. Containers, designed for vetted application code, are insufficient for stateful agent workloads that install packages, edit files, and follow long-running tasks with untrusted code.

LangSmith Sandboxes include features like snapshots and cheap copy-on-write forks for parallel branches, Service URLs for authenticated HTTP access, and a Sandbox CLI for management. monday.com uses these sandboxes for its Sidekick AI assistant, allowing it to write and run code for advanced user workflows, including data analysis and multimedia generation.

monday.com leverages LangSmith Sandboxes to enhance Sidekick AI assistant capabilities through secure code execution and data analysis.
LangSmith Sandboxes performance update — the platform now achieves a median spin-up time of 0.98 seconds. This capability allows developers to dynamically scale to thousands of concurrent sandboxes without managing underlying compute infrastructure, addressing the need for low-latency, high-concurrency environments for user-facing AI agents.

LangChain (@LangChain) on X:

Sandboxes are already helping teams move from agents that answer questions to agents that can do work safely. At @mondaydotcom, that means giving Sidekick a secure environment to write and run code for more advanced user workflows. https://t.co/C7j8aZlkMx


Still wondering? A few quick answers below.

LangSmith Sandboxes are secure, scalable execution environments for AI agents, now generally available. They use hardware-virtualized microVMs that are kernel-isolated from other services and sandboxes, allowing agents to safely run untrusted, model-generated code.

AI agents often generate and execute code, install dependencies, and manage state. Running this untrusted code requires strong isolation to prevent supply-chain attacks or kernel exploits from compromising infrastructure, which standard containers cannot fully guarantee.

The General Availability release adds snapshots and cheap copy-on-write forks for parallel execution, Service URLs for authenticated HTTP access, a Sandbox CLI for management, and an Auth Proxy with custom callbacks for secure credential injection.

Teams are using LangSmith Sandboxes to enable agents to perform complex work safely, moving beyond simple question-answering. For example, monday.com's Sidekick AI assistant uses them to write and run code for advanced user workflows like data analysis and multimedia generation.

Sandboxes are kernel-isolated microVMs, preventing code from escaping to the host system. They are creator-private by default, and an Auth Proxy handles outbound requests, injecting credentials at the network layer so secrets never touch the runtime environment.

Every HeadsUpAI update is written based on its original source and reviewed before it's published.