LangSmith has introduced Sandboxes, a new execution environment designed to give AI agents their own isolated computer. The company says the product is meant to support agents that need more than text generation, including workflows that require code execution, file editing, package installation, and persistent state.
The announcement reflects a growing challenge in agent development: reasoning models can produce useful outputs, but many production use cases depend on allowing those models to act inside a real computing environment. LangSmith argues that traditional chat interfaces and simple tool calls are not enough for tasks such as debugging code, analyzing data, or running multi-step workflows.
LangSmith describes Sandboxes as hardware-virtualized microVMs rather than containers. Each sandbox includes its own filesystem, shell, package manager, network access, code execution, and state that can persist during a session. The company says the setup is intended to give each agent a private workspace that can be created quickly and destroyed when the task is finished.
The product is aimed at common agent scenarios where execution matters. Those include coding assistants that apply changes and verify tests, data analysis agents that run Python on uploaded files, research assistants that browse and synthesize information, and CI systems that clone repositories and open pull requests. LangSmith also points to reinforcement learning and evaluation workloads that may need thousands of environments spun up in parallel.
The company says Sandboxes are accessible through the LangSmith SDK and API, allowing developers to create an environment with a single call.
LangSmith positions Sandboxes as a response to the security limits of running agent code locally or in containers. The company notes that agents often need to execute code they did not write, whether from a model, a user prompt, a cloned repository, or third-party dependencies. That makes the runtime inherently untrusted.
The company also argues that containers do not provide enough isolation for this use case because they share a kernel with the host system. In the company’s view, agents that install packages and run generated scripts need stronger separation than a standard container boundary can provide.
Sandboxes are designed to support long-running sessions without exposing production infrastructure to agent-generated code. LangSmith says the environments can install packages, run scripts, edit files, and even launch local services, while remaining isolated from other sandboxes and from the host system.
The release includes several features intended to make the environments useful beyond basic code execution. Snapshots and forks let teams capture a sandbox mid-session and branch from that state using copy-on-write behavior. Blueprints allow developers to define pre-warmed environments with a cloned repository, dependencies, and configuration already in place.
Other capabilities include service URLs for local web apps and an authentication proxy that injects credentials at the network layer so secrets do not need to enter the agent runtime directly. LangSmith says sandboxes are creator-private by default, with access limited to the person who created them and workspace administrators unless shared.
The company also argues that fast startup matters for infrastructure efficiency, particularly for GPU workloads where waiting on CPU environment provisioning can leave hardware idle.
LangSmith says monday.com is already using Sandboxes to support its Sidekick AI assistant. According to a quote from the company, the secure environment allows Sidekick to write and run code for tasks such as data analysis and multimedia generation.
The broader message behind the release is that agent systems are moving from predefined tool use toward open-ended execution. LangSmith’s view is that the next generation of agents will need a safe, isolated computer of their own if they are going to move from answering questions to completing work.