15:I[981,["658","static/chunks/658-a698693f56d0116a.js","183","static/chunks/183-6beeeb801c274aaa.js","474","static/chunks/app/%5Btype%5D/layout-631c4730b83c8223.js"],"Posts"] 16:T744,Hi HN, today we're launching Open Sandbox, an open-source, self-hostable Linux sandbox written in Rust. It runs commands in isolated environments using process level sandboxing rather than micro VMs.

AI agents and LLMs generate code, but you can't just exec() untrusted code on your machine. You need a sandbox, an isolated environment where that code runs without access to your hostsystem/data.

The idea came from a conversation between my co-founders and me about slow startup times in Firecracker/micro-VM-based sandboxes. He mentioned that during his PhD in the UK, he'd used process-level sandboxes in competitive programming, and they were fast. That sent us down a rabbit hole.

We looked at existing implementations of sandboxes with process level isolation like Isolate, Minijail, nsjail and found that process-level sandboxes have very low resource overhead and surprisingly fast startup times. So we built our own in Rust.

How this compares to E2B, Modal etc? Those are great products, but they're hosted services built on micro-VMs or containers. You send your workloads to their infrastructure and pay per usage.

Open Sandbox is different in three ways:

1. Self-hosted and open source. Your code never leaves your machines. (although, yes, e2b is open source but it is far from easy to self-host)

2. Process-level isolation instead of VMs. This means ~100ms startup and very low resource overhead per sandbox, vs the micro-VM approaches.

3. The trade-off is weaker isolation. A kernel exploit could escape the sandbox.

We also ran some benchmarks vs E2B: Open Sandbox was 2x faster at sandbox creation, faster at Git Clone, and also had 6x concurrency. E2B was faster on command execution. More details in the README of the repo with exact numbers.

This is incredibly early - curious on feedback!

Generative AI for Krita

First MW-class S2000 airborne wind turbine

Parent company of Johnny Rockets, Fatburger files for bankruptcy

Group at CNIO eliminates pancreatic tumours in mice

Show HN: Lightweight Ollama / Open Web UI Alternative

Toyota partner breaks ground on electrolytes plant for solid-state EV batteries

DECT NR+ Link-Level Simulation

ICE Expands Power of Agents to Arrest People Without Warrants

Stop Child Abuse – Trace an Object

Silver and gold hit record highs – then crashed

Using an RTL-SDR as a Spectrum Analyzer

CATL and BYD bet on sodium-ion EV batteries to overcome rising lithium prices

USA Ubiquiti Gear Powers Russian Military Networks in Ukraine Despite Sanctions

SaneBar – Privacy-first menu bar manager for macOS (open source)

You are being misled about renewable energy technology [video]

Show HN: I created a Polymarket Insider dashboard so you don't have to

My Workplace Disallows APIs

Exploiting MediaTek's Download Agent

Court Filings: ICE App Identifies Protesters; Global Entry, PreCheck Get Revoked

Show HN: A2ABench – agent-native dev Q&A with MCP search/fetch and A2A discovery

Elon Musk emailed Epstein about 'wildest party' on private island: new docs

Coding Is When We're Least Productive

Show HN: Open Sandbox – an open-source self-hostable Linux sandbox for AI agents

Testing AI agents on web security challenges

Goblins: Distributed, Transactional Programming with Racket and Guile

Show HN: I built a free PDF to Markdown converter

AI agents now have their own Reddit-style social network, and it's getting weird

Takeaway coffee cups release microplastic particles

L'actualité qui buzz: l'AGI en Vue dès 2026

U.N. Says It's in Danger of Financial Collapse Because of Unpaid Dues

Ask HN: Books for LLMs