Tencent Cloud’s Cube Sandbox becomes fully open source with five technical advancements, providing a production-grade foundation for deploying AI agents at industrial scale.
SHENZHEN, China, April 23, 2026 /PRNewswire/ — As AI Agent applications rapidly evolve, creating an optimal underlying architecture has become one of the industry’s most pressing challenges. On April 21, 2026, Tencent Cloud officially introduced its open source Cube Sandbox under Apache 2.0, not just the SDK, but the entire sandbox stack as a production-grade service, tested at scale and immediately deployable.
A foundational layer for the agent era
Cube is the industry’s only open source agent sandbox combining hardware-level isolation with sub-60ms cold start, natively supporting the OpenAI Python SDK and E2B SDK. Developers can simply redirect the runtime and migrate seamlessly. No code changes required.
This provides developers and businesses with a secure, high-performance, low-cost foundation for moving agents from the lab to mass production.
Performance, security and stability at the limit
Built at the hardware virtualization layer, Cube Sandbox offers an extreme combination:
- Performance: Cold start from 60ms in real-world scenarios: one third of the industry average (150 ms). Up-to-the-minute scheduling of tens of thousands of sandboxes, with platform-level burst scheduling exceeding 100,000 instances.
- Security: A three-layer defense architecture with millisecond-level event snapshots and state rollback, providing a critical undo mechanism for unpredictable agent behavior. This feature will be released and open sourced once fully completed.
- Stability: Validated at very large scale productionwith every overall performance figure measured in live production environments.
Five advances: a hardware-level security cockpit for agents
Built on the MicroVM architecture, Cube addresses the security risks of autonomous agents: malicious code execution, data exfiltration, resource abuse, and kernel evasion.
At the technical level, Cube Sandbox offers five advances:
- Material level insulation
Each sandbox runs a dedicated guest operating system kernel via KVM hardware virtualization, with no shared kernel. “A breach in a sandbox leaves the rest intact.”
- Cold start less than 60 ms
With resource pool pre-provisioning, snapshot cloning, Lazy Load EPT, and lock optimization, cold start is <60 ms (average 67 ms, P95 = 90 ms at 50 concurrent), significantly outperforming peer VMs, containers, and MicroVM solutions.
- Extremely light
Memory overhead per instance <5 MB. CoW sharding, Rust-based slicing, and reflink disk sharding enable over 2,000 sandboxes on a single 96 vCPU host, with over 90% storage savings compared to traditional approaches.
- Massive Concurrent Scheduling
Distributed scheduling and bin-packing enable platform-level burst scheduling of over 100,000 instances, with P99 latency less than 200 ms under 100 concurrent launches on a single 96 vCPU host.
- Restoring event-level snapshots
Snapshots under one hundred milliseconds support checkpoint saving, arbitrary state restoration, and fast forking. This feature will be released and open source once development is complete.
Three user scenarios throughout the full agent lifecycle
Cube Sandbox addresses the needs of the full AI agent lifecycle, from R&D and training to enterprise-wide application development and production.
For foundation model labs:
Cube takes on extreme competition in Agentic RL training. MiniMax runs hundreds of thousands of heterogeneous sandboxes (Linux, Windows, Android) simultaneously. Cube’s image acceleration reduces storage and I/O pressure; Distributed scheduling delivers over 100,000 instances per minute, many times faster than peer solutions.
For agent developers and small and medium-sized businesses:
No Kubernetes, no vendor lock-in: a one-click script sets up the entire environment in minutes. Integration via MCP, API, SDK or CLI requires no rewriting of agent code.
For Business customers:
Fully private deployment keeps data within corporate boundaries, meeting cybersecurity filing and compliance requirements. Apache 2.0 ensures business friendliness, full auditability and zero dependence on foreign cloud providers.
Already open, already in production
Cube Sandbox has released its complete codebase, one-click deployment scripts, documentation, and samples (covering shell execution, file operations, browser automation, RL training, and more) free to use, modify, and distribute.
At Tencent Cloud Shanghai City Summit on March 27Dowson Tong, Senior Executive Vice President of Tencent and CEO of Cloud and Smart Industries Group, was the first to disclose the open source Cube plan as a core practice of Tencent Cloud’s AI agent infrastructure strategy.
Tencent Cloud will combine Cube with TACO AI acceleration engine and FlexKV cache system, creating a comprehensive infrastructure of “Secure Sandbox + Inference Acceleration + Cache Optimization”, providing each agent with a secure, efficient and low-cost execution environment and unlocking the productivity potential of the large model era.
SOURCE Centent Cloud
