Google is launching Agent Sandbox, a new Kubernetes primitive built for AI agents. The technology provides kernel-level isolation and can run thousands of sandboxes in parallel.
Google built Agent Sandbox as an open-source project within the Cloud Native Computing Foundation. The technology is based on gVisor, with additional support for Kata Containers. This provides kernel-level isolation: a process inside a sandbox talks to a separate, hardened kernel layer rather than the node's host kernel, so a compromise inside one sandbox does not reach the host or the other sandboxes on it.
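The isolation described above rests on a standard Kubernetes mechanism, shown here as an added example that is not from the article or the Agent Sandbox project: a RuntimeClass that maps to gVisor's runsc handler, and a Pod that opts into it with runtimeClassName (on GKE Sandbox node pools the "gvisor" RuntimeClass already exists). Agent Sandbox's own Sandbox resource and Python SDK wrap this and are not shown; the pod name, image and resource limits are assumed values.

```yaml
# RuntimeClass that routes pods to gVisor (runsc). On GKE Sandbox node pools this
# object is created for you; on other clusters it must exist before pods can use it.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc
---
# One agent-task pod placed under gVisor. The remaining settings are the
# least-privilege defaults a sandboxed tool runner should carry anyway.
apiVersion: v1
kind: Pod
metadata:
  name: agent-task-example          # assumed name
spec:
  runtimeClassName: gvisor          # run under gVisor's user-space kernel
  automountServiceAccountToken: false   # a tool runner needs no API credentials
  containers:
  - name: tool
    image: python:3.12-slim         # assumed image
    # Inside gVisor this prints gVisor's emulated kernel version, not the host's,
    # which is a quick way to confirm the pod really landed in the sandbox.
    command: ["python", "-c", "import platform; print(platform.release())"]
    securityContext:
      allowPrivilegeEscalation: false
      runAsNonRoot: true
      runAsUser: 65534
      capabilities:
        drop: ["ALL"]
    resources:
      limits:                       # assumed limits; per-task caps bound a runaway tool
        cpu: "500m"
        memory: "256Mi"
```

Applying the manifest to a cluster without a runsc-backed RuntimeClass leaves the pod unschedulable, which is the desired failure mode: a task should not silently fall back to an unsandboxed runtime.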
Each agent task is assigned its own isolated sandbox. Users expect the infrastructure to scale, even when thousands of sandboxes are running simultaneously. “Provided a request like ‘visualize last quarter’s sales data’, the agent has to use one tool to query the data and another to process that data into a graph and return to the user,” Google explains.
For AI developers, Agent Sandbox provides a Python SDK that manages the lifecycle of sandboxes without requiring infrastructure knowledge. A simple context manager is all that is needed to set up a sandbox and execute commands in it.
Performance advantage on GKE
Agent Sandbox runs faster on Google Kubernetes Engine. With pre-warmed pools of sandboxes, startup latency drops to under a second, which Google says is 90 percent faster than a cold start.
In addition, Google is introducing Pod Snapshots, exclusively for GKE. This feature enables checkpointing and recovery of running pods. Sandboxes can start up from snapshots, reducing startup time from minutes to seconds. GPU workloads are also supported.
Idle sandboxes can be snapshotted and suspended, which saves compute cycles without disrupting end users and makes better use of scarce resources such as GPUs.
Agent Sandbox is now available as an open-source project and can be deployed directly on GKE. Pod Snapshots is in limited preview and will be generally available to all GKE customers later this year. Documentation and quickstarts are available online.