LangSmith Sandboxes: Secure Isolated Code Execution for AI Agents
Summary
- LangSmith launches sandboxed code execution for agents in Private Preview
- Single SDK call spins up ephemeral, locked-down environments for untrusted code
- Addresses core risk of agents running arbitrary, unpredictable code unsafely
- Integrates natively with LangSmith tracing, deployment, and Deep Agents framework
Details
LangSmith Sandboxes launched in Private Preview for secure agent code execution
LangChain released Sandboxes as a managed infrastructure layer that lets agents run untrusted, LLM-generated code in ephemeral, isolated environments. Access is via a waitlist, and a sandbox is spun up with a single SDK call using an existing LangSmith API key.
Sandboxes provide resource limits, network isolation, and custom Docker image support
Operators can configure CPU, memory, and disk caps to prevent runaway consumption, restrict network access, and supply their own Docker image from a private registry. Sandbox Templates allow reusable image and resource configurations across runs.
Agent-generated code is categorically different from known application code — traditional containers are insufficient
LangChain frames the core problem as a security model mismatch: traditional container tooling assumes predictable, vetted workloads. An agent can attempt arbitrary or destructive commands, so purpose-built isolation with tighter controls is required.
Sandboxes integrate directly with LangSmith Deployment, enabling sandbox attachment to agent threads
Teams already using LangSmith for tracing or deployment can add sandboxed execution without new SDKs. Integration with LangChain's Deep Agents open source framework and Open SWE (an autonomous software engineering agent) is included out of the box.
LangChain used Sandboxes internally to build Open SWE before external release
The product was dogfooded on Open SWE, a CI-style agent that clones repos, installs dependencies, and runs test suites before opening pull requests. This positions Sandboxes as production-validated infrastructure, not an experimental add-on.
Use cases span coding assistants, CI agents, and data analysis pipelines
Highlighted examples include a coding assistant that validates its own output before responding, a repo-cloning CI agent, and a Python data analysis agent that executes scripts against datasets and returns results — covering a wide range of agentic coding patterns.
What This Means
As coding agents become a standard pattern — not just a novelty — the infrastructure question of how to safely run agent-generated code has become a real bottleneck for teams. LangSmith Sandboxes removes the need to build and maintain custom container pipelines, network lockdowns, and resource governors yourself, lowering the barrier to deploying coding agents in production. For AI practitioners already in the LangSmith ecosystem, this is a significant reduction in infrastructure overhead. The Private Preview model means availability is gated for now, but the direction signals LangChain is moving to own more of the agentic execution stack, not just the orchestration layer.
