Cloudflare launches GA Sandboxes, giving AI agents their own dedicated computers.

Cloudflare’s GA rollout adds a suite of capabilities that turn the sandbox from a novelty into a production‑grade workstation for AI agents. The blog notes that the platform now supports “secure credential injection,” allowing agents to make authenticated API calls without ever seeing the underlying secrets, a feature that addresses the long‑standing security gap when untrusted code needs access to cloud services. In addition, the sandbox now offers PTY (pseudo‑terminal) support, giving both humans and agents a real terminal experience, while “persistent code interpreters” let agents run stateful Python, JavaScript, or TypeScript out of the box. These upgrades mean an agent can clone a repo, spin up a dev server, and watch file changes—all inside an isolated container that sleeps when idle and wakes on demand, according to the Cloudflare announcement.

The engineering challenges that Cloudflare solved to make this possible are spelled out in the post. “Burstiness” – the need to spin up many sandboxes quickly without paying for idle compute – is handled by the platform’s on‑demand start and automatic sleep behavior. “Quick state restoration” is achieved through snapshots, which let a session resume instantly from a prior checkpoint. The blog also highlights “filesystem watching,” a feature that speeds iteration by notifying the agent of file changes in real time, and “background processes and live preview URLs,” which give developers a simple way to interact with running services and verify in‑flight changes without leaving the sandbox environment.

Security and control were top of the list for Cloudflare’s design. The new “secure credential injection” lets agents call authenticated endpoints while the platform keeps the actual tokens hidden, a crucial safeguard when agents are executing untrusted code. The service also offers a programmatic API for lifecycle management – methods like `exec`, `gitClone`, and `writeFile` let developers script sandbox behavior directly from their applications. The blog’s code snippet shows a typical workflow: request a sandbox by name, have it start on demand, clone a repository, and then run commands inside the isolated environment, all with a few lines of JavaScript.

Early adopters are already putting the sandbox to work. According to the announcement, Figma’s “Make” platform runs agents in Cloudflare containers to execute user‑authored code at scale. Alex Mullans, AI and Developer Platforms lead at Figma, is quoted saying the infrastructure “provides reliable, highly‑scalable sandboxes where we could run untrusted agent‑ and user‑authored code.” That endorsement signals confidence from a major design tool that depends on fast, secure code execution for its community of creators. With the GA release, Cloudflare hopes to attract more partners that need a safe playground for AI‑driven development, positioning the sandbox as a universal backend for everything from code‑generation assistants to automated testing bots.

Pricing and scalability have also been tweaked for enterprise use. The blog mentions “higher limits and Active CPU Pricing,” which let organizations deploy fleets of agents without paying for unused CPU cycles – a model that mirrors serverless billing but with the added benefit of persistent state. By coupling these economic incentives with the technical enhancements, Cloudflare aims to make the sandbox the default compute surface for any AI agent that needs a full‑featured computer, whether it’s building multi‑language projects or serving live previews. The GA launch, therefore, marks a shift from experimental containers to a robust, production‑ready platform that could become the backbone of the next generation of AI‑powered developer tools.