Agents SDK sandbox
OpenAI updated its Agents SDK with sandbox and harness tools so agents can run code, manipulate files and complete tasks inside controlled environments rather than directly on live machines. The release describes features for safer, long-running tool use and tighter execution controls as teams move agent work from prompts toward runtime architecture. (helpnetsecurity.com)
OpenAI has added sandboxing to its Agents software development kit, giving AI agents a controlled workspace to run code and handle files instead of touching live systems directly. (openai.com)

OpenAI announced the update on April 15, 2026, alongside what it calls a “model-native harness,” the runtime layer that lets an agent use tools, inspect files, and keep working across multiple steps. Sandbox agents are available now in the Python Agents SDK, with TypeScript support planned later. (openai.com)

In plain terms, a sandbox is a sealed-off computer session. OpenAI’s docs say developers can use it when an agent needs to run commands, manipulate files, mount a data room, generate artifacts, expose a service, or resume stateful work later. (developers.openai.com)

The split OpenAI is pushing is between the harness and the compute. The harness manages the agent’s loop and tool calls, while the sandbox is the machine where code actually runs, which lets teams separate orchestration from execution. (developers.openai.com)

That addresses a problem that has slowed enterprise agent projects since 2024: large language models can plan tasks, but production systems still need guardrails around file access, shell commands, long-running jobs, and resumable work. OpenAI’s own SDK docs now position sandbox agents as the option for “a real workspace” and multi-step execution. (openai.com)

OpenAI is also trying to standardize the infrastructure around those jobs instead of leaving each customer to wire it up alone. The company said developers can bring their own sandbox or use built-in support for providers including Cloudflare, E2B, Modal, and Vercel. (openai.com)

The update lands as OpenAI broadens its agent tooling beyond simple chat-style prompts. In the same announcement, the company said it is adding managed agent application programming interfaces, memory controls, and tighter limits on where agents run and how they reach sensitive data. (openai.com)

The Agents SDK itself is open source and provider-agnostic, according to its GitHub repository, which says it supports OpenAI’s Responses and Chat Completions interfaces as well as more than 100 other language models. That makes the sandbox push less about one model release and more about the runtime architecture around agent work. (github.com)

Early customer reaction has focused on regulated work. In OpenAI’s release materials, LexisNexis Chief AI Officer Min Chen said the SDK’s isolated environments and built-in safeguards helped the company build long-running legal agents without creating its own execution layer from scratch. (helpnetsecurity.com)

The immediate takeaway is narrower than the hype around “autonomous agents.” OpenAI is shipping more of the plumbing developers need when an agent has to do real computer work for minutes or hours, not just answer a prompt in one turn. (openai.com)