AI agent sandbox

Sandboxed microVMs for AI agents.

Spin up isolated Firecracker microVMs for AI agent code execution. Hardware-enforced isolation under KVM, fast cold boot, snapshot and resume, per-second billing that matches agent execution patterns.

Open ConsoleWhy microVM

<3s

Cold boot

From snapshot or fresh image

KVM

Hardware isolation

Dedicated kernel per agent

$0.006

From, per hour

Billed per second

Why microVMs for agent code execution

Strong enough to contain. Fast enough to be ephemeral.

AI agents that run their own code need a sandbox that holds up against hostile, buggy, or unpredictable programs. Containers share the host kernel, which is the wrong boundary for arbitrary code. Full VMs work but spin up too slowly for per-task economics. MicroVMs sit between: KVM hardware isolation, dedicated kernel per agent, cold boot in seconds.

Per-second billing matches the shape of agent workloads. Combined with snapshot-resume, short-lived microVMs are practical at the per-task level.

Patterns that fit

  • Code-execution agents.Snapshot a base image, fork microVMs per task, destroy when done.
  • Multi-tenant agent platforms.One microVM per end user, hardware-isolated, billed per second.
  • Long-lived workspace agents.A persistent microVM per workspace with snapshots for restore.
  • CI for agent-generated PRs.Fresh microVM per build, cleared after the PR closes.

What is on offer today

Honest about the integration shape

Available now

Manual provisioning + SSH

  • Web console for spin-up, snapshot, destroy
  • SSH access with the public key on file
  • In-browser web terminal as a backup access path
  • Per-second billing in USD credits
  • Three snapshots per account, expandable on request

On the roadmap

Programmatic control

  • REST API for instance lifecycle
  • CLI for scripting and CI integration
  • Webhook events on instance state changes
  • Snapshot quota expansion
  • L2 cryptocurrency settlement for low-value top-ups

If your agent is fully autonomous and provisions its own machines, you will want to wait for the API or drive a long-lived microVM over SSH. If your agent runs inside a microVM you provision in advance and execute tasks against, this works today.

Real hardware isolation, on every instance.

KVM hardware isolation, dedicated kernels, per-VM network namespaces. Included on every instance, no add-ons required.

Get Started

Pricing

Predictable pricing, per-second billing

Pay with cryptocurrency, billed per second in USD credits. No monthly commitments, no bandwidth fees. Destroy instances anytime and billing stops immediately.

Micro

$0.006/hr

Billed per second

CPU1 vCPU
Memory512 MB
Storage10 GB NVMe
Deploy

Medium

Popular
$0.015/hr

Billed per second

CPU1 vCPU
Memory2 GB
Storage50 GB NVMe
Deploy

Large

$0.025/hr

Billed per second

CPU2 vCPU
Memory4 GB
Storage80 GB NVMe
Deploy
View all plans and configurations →

Contact Sales

Let's talk about
your infrastructure.

Custom configurations, volume pricing, or dedicated support. Our team is ready to help you architect the right solution. Or if you just want to say hi.

hello@vmfabric.com
Nordic data center
Contact Us

Frequently Asked

AI agents that execute generated code need a sandbox strong enough to contain hostile or buggy programs without risk to the host. Containers share the host kernel, which is too weak a boundary for arbitrary code. Full VMs are strong enough but too slow to spin up per task. MicroVMs are the middle ground: hardware-isolated by KVM with a dedicated kernel per instance, but cold boot in seconds.