boxd

Agent Sandboxes

The fastest agent sandboxes with real isolation.

50ms cold boot. KVM virtualization. European hosted. Built for teams that run AI agents on real infrastructure.

Speed

50ms cold boot. 8ms resume.

Agents shouldn't wait for infrastructure. boxd boots a full VM in 50ms and resumes a suspended machine in 8ms. Your agent starts executing code before most platforms finish provisioning.

click to copy
$ ssh boxd.sh new agent-sandbox
agent-sandbox ready (50ms)
 
Full Linux VM. Not a container.
see what this means for you
What this means for you

E2B boots in ~500ms. Modal spins up containers. Daytona provisions from templates. boxd is 10x faster than the next closest — because we built our own VMM from scratch, not on top of Firecracker or QEMU.

Talk to us
go back
Speed at scale

Fork any machine in milliseconds.

Need 50 sandboxes for parallel agent runs? Fork a golden image. Each fork is a full copy-on-write clone with its own kernel, filesystem, and network. No boot sequence, no setup.

click to copy
$ for i in $(seq 1 50); do
ssh boxd.sh fork agent-sandbox --name=agent-$i &
done
50 sandboxes ready (1.2s total)
see what this means for you
What this means for you

Parallel agent workloads on other platforms mean parallel cold boots. 50 containers × 2s each = waiting. 50 boxd forks × 50ms each = done before the agent even parses the task.

Talk to us
go back
Isolation

KVM virtualization. Not containers.

Every sandbox runs its own Linux kernel inside a hardware-isolated VM. Agents get root access, install anything, modify the kernel. A compromised agent can't escape to the host or reach other sandboxes.

click to copy
$ ssh -t boxd.sh connect agent-42
root@agent-42:~$ apt install anything
root@agent-42:~$ modprobe whatever
 
Full root. Full kernel. Full isolation.
see what this means for you
What this means for you

Containers share a kernel. One CVE and your agent escapes to the host. boxd uses KVM — the same technology that isolates AWS EC2 instances. Your agent gets root inside its VM. Nothing leaks out.

Talk to us
go back
Isolation guarantee

No shared kernel. No shared anything.

Container-based sandboxes (E2B, Modal) share the host kernel between tenants. A kernel exploit means game over. boxd gives every sandbox its own kernel, its own filesystem, its own network stack.

click to copy
Container sandbox:
Host kernel ← shared with all tenants
 
boxd sandbox:
Guest kernel ← yours alone (KVM)
see what this means for you
What this means for you

If your agents run untrusted code, install arbitrary packages, or execute LLM-generated scripts, you need kernel-level isolation. Namespace isolation is not enough. Ask your security team.

Talk to us
go back
Data residency

European hosted. GDPR by default.

All boxd infrastructure runs in European data centers. Your agent workloads, code, and data never leave the EU. No US subpoenas, no transatlantic data transfers, no compliance gaps.

see what this means for you
What this means for you

Most agent sandbox providers run exclusively on US infrastructure. If your company handles European customer data, that's a compliance risk. boxd is EU-hosted. No data transfer agreements needed.

Talk to us
go back
Sovereignty

Self-hostable. Your servers, your rules.

For teams that need full control: run boxd on your own metal. Single binary, zero dependencies. No data leaves your network. Meet any compliance requirement without compromise.

click to copy
$ ssh boxd.sh
authenticated via SSH key
 
Managed or self-hosted. Same API.
see what this means for you
What this means for you

Regulated industries (finance, healthcare, defense) can't send code to third-party infrastructure. boxd runs on your servers with the same API. No vendor dependency, no data exposure.

Talk to us
go back
Talk to us

read the docs · ssh boxd.sh