OpenAI Agents SDK Gets Native Sandboxing — Agents Now Run in Isolated Workspaces
OpenAI shipped a significant update to its Agents SDK on April 15, adding sandboxed execution environments, configurable memory, and a Manifest abstraction for portable workspace descriptions. Agents now run in isolated workspaces with scoped file and code access, integrating with Blaxel, Cloudflare, and Vercel as sandbox providers.
Original sourceOpenAI released a major update to its Agents SDK on April 15, 2026, introducing sandboxed execution environments as the centerpiece feature. Agents built with the SDK now run in isolated workspaces — scoped containers where file access, code execution, and network calls are tightly controlled. This addresses one of the core enterprise objections to agentic AI: unpredictable blast radius when an agent goes wrong.
The update ships three new capabilities working together. First, the **Sandbox**: an isolated execution environment where agents operate with scoped access to files, code, and APIs — preventing agents from accidentally or intentionally reading/writing outside their designated workspace. Second, the **Harness**: a configurable orchestration layer that combines memory management, sandbox-aware execution, and file system tools into a single coherent interface. Third, the **Manifest**: a portable workspace description format that allows agent configurations to be defined, versioned, and deployed consistently across different environments.
Three sandbox providers integrate at launch: Blaxel (formerly Beamlit), Cloudflare Workers, and Vercel's compute platform. The pattern mirrors how serverless functions were productized — define the environment declaratively, run it anywhere. Pricing follows standard API rates; no SDK premium.
The update launches in Python first with TypeScript support coming soon — a reversal of the usual OpenAI pattern of shipping TypeScript first. The Python ecosystem's dominance in AI/ML workflows may have driven the prioritization.
For enterprise teams that have been cautious about deploying agents in production due to safety concerns, sandboxing represents a meaningful step forward. The Manifest format in particular could become a portability standard — define your agent's workspace once, deploy to any Harness-compatible environment. Whether OpenAI can establish Manifest as an open standard or it remains a proprietary abstraction is the key competitive question going forward.
Panel Takes
The Builder
Developer Perspective
“Sandbox isolation was the missing piece for production agent deployments — the 'what if it deletes the wrong file' problem has blocked more enterprise deployments than any model capability gap. The Manifest abstraction is smart; infrastructure-as-code patterns for agents will make sense to every team that already uses Terraform or Pulumi.”
The Skeptic
Reality Check
“E2B, Daytona, and Modal have been offering sandboxed AI execution for over a year — OpenAI is catching up, not leading. The Manifest format risks becoming yet another proprietary workspace spec competing with Anthropic's AGENTS.md and whatever format LangGraph settles on. Fragmentation here is bad for everyone building cross-platform agents.”
The Futurist
Big Picture
“When OpenAI adds sandboxing as a first-class SDK feature, sandboxing becomes a table-stakes requirement. The entire agent tooling ecosystem will follow within 12 months. The Manifest format has a real shot at becoming the Docker Compose of AI agents — if OpenAI opens it and drives adoption through its enormous developer base.”