OpenAI has released a significant update to its Agents SDK, introducing native support for "sandboxes" to facilitate the isolated execution of AI agents. This advancement allows developers to build agents capable of inspecting files, executing commands, editing code, and managing complex workflows within secure, contained environments. The updated SDK integrates tool usage via the Model Context Protocol (MCP), code execution through a shell tool, and file editing via an apply-patch tool, while also supporting custom instructions through AGENTS.md files.
At the core of this update is the shift toward agents operating in isolated environments, each equipped with its own files, tools, and dependencies. The SDK is compatible with prominent infrastructure providers such as Cloudflare, Vercel, E2B, and Modal, though developers also have the flexibility to integrate their own proprietary sandboxing solutions. OpenAI emphasizes that decoupling control logic from the computing environment is critical for improving the security, stability, and scalability of AI agents. If an agent encounters a runtime error, it can now seamlessly resume operations within a fresh container.
This move by OpenAI addresses a primary hurdle for enterprise adoption of AI agents: reliability and data security. By isolating agent operations, companies can mitigate risks associated with executing untrusted code and protect sensitive data from potential leaks. These new features are currently available for Python, with TypeScript support expected in the near future. Usage is billed according to standard OpenAI API rates.
What this means for your business: For organizations already deploying or planning to implement AI agents for corporate tasks, particularly those involving sensitive data and complex operations, this update establishes a new benchmark for secure implementation. Running agents in protected, isolated environments makes for more robust, scalable, and trustworthy AI solutions and safeguards business operations against unforeseen failures and security vulnerabilities.