Sandboxes aren’t a new concept. Developers have been using them for decades to test code, isolate processes, run CI pipelines. But in the age of AI, sandboxes are taking on an entirely different role. They’re becoming the foundational layer of infrastructure.

Agents need sandboxes. Period.

Sandboxes are what ultimately enables agents to leverage model scaling laws. To benefit from models that keep getting better, you need to give them powerful, generalist tools: code execution, filesystem access, raw SQL queries against a database… And providing this kind of tools on a shared server would be insane. This is why every agent needs a sandbox. Each user gets an isolated compute environment: their own filesystem, their own agent process, their own persistent state.

Beyond safety, sandboxes also unlock performance, experimentation, and privacy. User data lives on the local filesystem, enabling fast agentic search with no network round-trips. Sandboxes are trivially easy to snapshot and replicate — spin up identical copies of a user’s environment with different model configs and run evals. And isolation is by design, not by policy.

It goes beyond agents

But the need for sandboxes goes beyond just agents.

If we believe that software is becoming a commodity, then it follows that software will become increasingly personal. And this is already happening: tools like Lovable and Wabi let anyone generate fully custom applications on the fly.

If we follow this further, it means that centralized servers and databases are not the right path anymore, especially for consumer products. Why bother with the same rigid data structure for all your users if you can actually tune it for each of them? Your app isn’t the same as my app. Your data isn’t the same as my data.

Tomorrow’s infrastructure is sandboxes

Obviously running a dedicated server for each user would be absurd from an economic perspective. Most users do not need access to their agents and apps at all times.

Sandboxes are ephemeral by nature. They spin up when your agent needs to work or when you need to access your app and data, suspend when idle, and resume exactly where they left off. You only pay for active compute, and cold storage is cheap.

We need to stop thinking of sandboxes as just ephemeral, disposable environments. They are the shared computer of a user and their agent — a persistent, personal runtime that accumulates tools and context over time.

Servers will keep existing, of course. But their role shifts. They become the coordination layer: bridging sandboxes to each other, connecting them to applications that require a central entry point, handling authentication… The sandbox is where the actual work happens.