So, our team decided to build our own. After months of grinding, using RustVMM and KVM, we built a blazing-fast, ultra-lightweight secure sandbox service from the ground up: CubeSandbox. Today, we are officially open-sourcing it.
To balance security and performance, we stripped the underlying OS to the absolute extreme. Here’s what it can do right now:
1. <60ms blazing-fast cold start: End-to-end latency is under 60ms, making it 2.5x to 50x faster than traditional secure sandbox solutions.
2. <5MB extreme memory footprint: Memory per instance is kept under 5MB. A single 96-vCPU physical machine can easily run 2,000+ sandboxes concurrently, reducing storage consumption by 90%.
3. Massive concurrency scheduling: Capable of spinning up hundreds of thousands of instances in minutes.
4. True kernel-level isolation: Every Agent gets its own dedicated Guest OS kernel.
5. Native E2B SDK compatibility: Just swap a single URL environment variable. Zero code changes required for smooth migration and hosting.
Also, a millisecond-level “snapshot rollback” feature is coming soon…
Before opening the repo today, CubeSandbox has been running silently behind the scenes in Tencent Cloud, serving massive real-world AI Agent workloads in production. As we open-source it today, it is no longer a prototype, but battle-tested, production-ready infrastructure.
Today, we hand it over to the community. Because we believe that high-performance agent infrastructure shouldn’t be exclusive to a few—it belongs to every developer worldwide who demands ultimate security and freedom.
The project is still in its very early open-source stages, and we are really looking forward to your hardest critiques and architectural roasts. I’ll be hanging out here all day to answer your questions. The source code and deployment guides are all in the README. Come play with it! https://github.com/TencentCloud/CubeSandbox