OpenAI adds sandboxed Agents runtime

OpenAI has added a native sandbox runtime to its Agents SDK, giving developers a contained place to let agents run commands, edit files, and keep working across longer tasks. (openai.com) OpenAI announced the update on April 15, 2026, and said the new release includes a “model-native harness” plus sandbox execution for agent work. The company’s example points developers to `openai-agents>=0.14.0` and shows a `SandboxAgent` running with a `UnixLocalSandboxClient`. (openai.com) A sandbox is an isolated Unix-like workspace with a filesystem, shell, installed packages, mounted data, exposed ports, snapshots, and resumable state. OpenAI says sandbox agents are available now in the Python Agents SDK, not the TypeScript version. (developers.openai.com) OpenAI splits the system into two parts: a harness that handles the agent loop, model calls, approvals, tracing, and recovery, and a compute layer where the model-directed work actually runs. The company says that separation lets teams keep authentication, billing, audit logs, and human review outside the container where code executes. (developers.openai.com) The change targets a problem that shows up when agent demos become production systems. OpenAI said existing options often forced tradeoffs between flexible frameworks, provider-managed APIs, and the visibility companies need when agents inspect files, run commands, and touch sensitive data. (openai.com) OpenAI introduced the Agents SDK in March 2025 as part of a broader agent stack that also included the Responses API, built-in tools, and tracing. That earlier launch was aimed at single-agent and multi-agent orchestration; the new sandbox layer extends that stack into stateful execution. (openai.com) The company’s current platform pitch is explicitly enterprise-focused. OpenAI says organizations can build with Agent Builder or the code-first Agents SDK, connect to business apps and Model Context Protocol servers, and use evaluations and trace grading to test workflows at scale. (openai.com) The SDK docs frame the sandbox as something to use when an agent needs a directory of documents, must write files for later inspection, has to install packages or run scripts, or needs to pause for human review and resume in the same workspace. If the task only needs a short answer with no persistent workspace, OpenAI says developers should use the Responses API or the basic Agents SDK runtime instead. (developers.openai.com) OpenAI’s tools docs also show how the sandbox fits into a broader tool ecosystem that now includes web search, file search, shell access, remote Model Context Protocol servers, and function calling. In OpenAI’s setup, the model decides when to invoke those tools after developers configure them. (developers.openai.com) The result is a narrower promise than the consumer-facing “AI agent” pitch that dominated much of 2025. OpenAI is selling a safer execution boundary, more explicit control over where work runs, and a path from prototype agents to audited enterprise workflows. (openai.com)