Solutions
Audit & Optimization Platform Design Automation Team Structure
Documentation Blog
Get Started
Runtime 2025

Agent Sandbox: Kubernetes-Native Agent Code Execution and Computer Use Environments

K8s Guru
4 min read
#agent-sandbox #google #ai-agents #agentic-ai #runtime #kubernetes
Agent Sandbox: Kubernetes-Native Agent Code Execution and Computer Use Environments

Table of Contents

Introduction

Agentic workloads change the threat model: they generate and execute code, call tools, and can make multi-step decisions that span time. On Kubernetes, that’s powerful—but it also means you need isolation, strict boundaries, and auditable behavior by default.

Agent Sandbox, introduced by Google in November 2025, is aimed at providing Kubernetes-native environments for running these agents safely: sandboxed execution, resource and network controls, filesystem isolation, and a Kubernetes-native control surface (CRDs/operators) for managing agent lifecycles.

Why this matters in practice

  • Containment: strong isolation reduces the blast radius of agent mistakes or prompt-induced behavior.
  • Least privilege: API access controls and policy enforcement help keep agents from becoming accidental cluster-admins.
  • Operational traceability: audit logging and lifecycle management are what make “agents in prod” governable.

Agentic AI Workload Support

  • Autonomous agents provides execution environments for autonomous AI agents that make decisions and take actions.
  • Code execution enables safe execution of dynamically generated code by AI agents.
  • Computer use supports agents that need to interact with computer systems, APIs, and tools.
  • Multi-step tasks facilitates complex, multi-step workflows that require state persistence and coordination.

Secure Execution Environments

  1. Sandboxed execution provides complete isolation for agent code execution with strict security boundaries.
  2. Resource limits enforces CPU, memory, network, and storage limits for agent workloads.
  3. Network isolation controls and restricts network access to prevent unauthorized communication.
  4. Filesystem isolation provides isolated filesystem access with configurable mount points and permissions.

Kubernetes-Native Design

  • Pod-based execution runs agents as Kubernetes pods with native lifecycle management.
  • Custom resources defines CustomResourceDefinitions (CRDs) for agent configuration and management.
  • Operator support includes Kubernetes operators for automated agent deployment and scaling.
  • Service integration integrates with Kubernetes services for agent-to-agent and agent-to-service communication.

Computer Use Capabilities

  • API access enables agents to interact with Kubernetes APIs and external services securely.
  • Tool execution supports execution of system tools and utilities within controlled environments.
  • State management provides persistent state storage for agents across execution cycles.
  • Event handling processes Kubernetes events and triggers agent actions based on cluster state.

Security Features

  • Zero-trust execution implements zero-trust principles with every agent action verified and authorized.
  • Audit logging maintains comprehensive audit logs of all agent actions and decisions.
  • Policy enforcement enforces security policies for agent behavior and resource access.
  • Vulnerability protection protects against common vulnerabilities in AI agent implementations.

Scalability and Performance

  • Horizontal scaling scales agent workloads horizontally across cluster nodes.
  • Resource optimization optimizes resource usage through intelligent scheduling and packing.
  • Low latency provides low-latency execution for real-time agent interactions.
  • High throughput supports high-throughput agent workloads with efficient resource utilization.

Use Cases

  • Autonomous operations enables autonomous cluster operations and self-healing capabilities.
  • AI-powered automation supports AI-powered automation of complex operational tasks.
  • Intelligent monitoring provides intelligent monitoring and alerting through AI agents.
  • Automated remediation enables automated problem detection and remediation by AI agents.

Getting Started

# Install Agent Sandbox
kubectl apply -f https://github.com/agentsandbox/kubernetes/releases/latest/download/install.yaml

# Create an agent execution environment
cat <<EOF | kubectl apply -f -
apiVersion: agentsandbox.io/v1alpha1
kind: AgentSandbox
metadata:
  name: my-agent
  namespace: default
spec:
  agent:
    image: my-registry/my-agent:latest
    resources:
      requests:
        cpu: "500m"
        memory: "1Gi"
      limits:
        cpu: "2000m"
        memory: "4Gi"
  sandbox:
    networkPolicy: restricted
    filesystemAccess: read-only
    apiAccess:
      - apiGroup: "apps"
        resources: ["deployments"]
        verbs: ["get", "list", "patch"]
  state:
    persistent: true
    storageClass: standard
    size: 10Gi
EOF

Deploy an agent workload:

apiVersion: agentsandbox.io/v1alpha1
kind: AgentWorkload
metadata:
  name: cluster-monitor-agent
spec:
  agent:
    image: my-registry/cluster-monitor:latest
    env:
    - name: CLUSTER_NAME
      value: production
  sandbox:
    type: restricted
    allowNetworkAccess:
      - endpoint: "https://api.monitoring.internal"
        methods: ["GET"]
    allowFileSystemAccess:
      - path: "/tmp"
        mode: read-write
  triggers:
    - type: schedule
      schedule: "*/5 * * * *"  # Every 5 minutes
    - type: event
      filters:
        - type: pod
          status: failed
  actions:
    - type: log
    - type: alert
    - type: remediate

Agent Lifecycle Management

  • Deployment manages agent deployment with rolling updates and health checks.
  • Scaling automatically scales agents based on workload demands and resource availability.
  • Health monitoring monitors agent health and automatically restarts unhealthy agents.
  • Version management supports agent versioning and rollback capabilities.

Integration with AI Platforms

  • LLM integration integrates with Large Language Model APIs for agent decision-making.
  • Vector databases provides access to vector databases for agent knowledge and context.
  • Tool libraries includes libraries of pre-built tools and utilities for common agent tasks.
  • Model serving integrates with model serving platforms for agent inference needs.

Monitoring and Observability

  • Agent metrics collects metrics on agent execution, decision-making, and resource usage.
  • Distributed tracing provides distributed tracing for multi-agent workflows.
  • Log aggregation aggregates logs from all agents for centralized analysis.
  • Performance analytics analyzes agent performance and identifies optimization opportunities.

Summary

AspectDetails
Release DateNovember 2025 (Google)
Headline FeaturesAgentic AI support, secure execution environments, Kubernetes-native design, computer use capabilities
Why it MattersProvides a production-ready platform for running autonomous AI agents on Kubernetes, addressing the unique security and operational challenges of agentic AI workloads

Agent Sandbox represents Google’s commitment to enabling the next generation of AI-powered Kubernetes operations, providing secure, scalable, and efficient execution environments for autonomous AI agents that will transform how we manage and operate cloud-native infrastructure.