Tencent Cloud released the full source code of Cube Sandbox on April 21 under an Apache 2.0 license, making it the first production-grade, hardware-isolated agent runtime available as open source. The project is live on GitHub with deployment scripts, documentation, and examples covering shell execution, file operations, browser automation, and reinforcement learning training.

What Cube Sandbox Does

Cube Sandbox runs each AI agent instance inside its own dedicated guest OS kernel via KVM hardware virtualization. No shared kernel means a compromised sandbox cannot reach adjacent instances. According to Tencent’s announcement, the system achieves cold starts under 60 milliseconds in production for single instances — averaging 67ms and reaching a P95 of 90ms under 50 concurrent launches, enabled by resource pool pre-provisioning, snapshot cloning, EPT Lazy Load, and lock optimization.

Per-instance memory overhead stays below 5MB. Copy-on-write sharing, Rust-based trimming, and reflink disk sharing allow a single 96-vCPU host to run more than 2,000 sandboxes simultaneously with 90%+ storage savings over traditional container or VM approaches.

Production Scale

The platform already handles production workloads. Tencent’s PR Newswire release states that MiniMax, an AI lab focused on agentic reinforcement learning, runs hundreds of thousands of heterogeneous sandboxes (Linux, Windows, Android) concurrently on the platform. Distributed scheduling supports burst provisioning of 100,000+ instances per minute, with P99 latency below 200ms for 100 concurrent launches on a single host.

Tencent also disclosed plans for event-level snapshot rollback with sub-hundred-millisecond snapshots supporting checkpoint saving, arbitrary state rollback, and rapid forking. That feature is still in development and will be open-sourced upon completion.

SDK Compatibility and Migration Path

Cube Sandbox natively supports the OpenAI Python SDK and E2B SDK. Developers using either can redirect their runtime to Cube without code changes, according to the announcement. Integration is available via MCP, API, SDK, or CLI.

The project requires no Kubernetes cluster. A one-click deployment script sets up the full environment in minutes, and Apache 2.0 licensing allows commercial use without vendor lock-in.

The Infrastructure Pivot

The release fits a broader pattern in the Chinese AI sector. As China Tech News reported, the open-sourcing of frontier models like DeepSeek V4 is shifting competitive focus from model development to the runtime infrastructure and specialized data required to make agents functional in production. Tencent Cloud plans to pair Cube with its TACO AI Acceleration Engine and FlexKV cache system, building a full-stack “secure sandbox + inference acceleration + cache optimization” infrastructure layer.

Dowson Tong, Senior Executive Vice President of Tencent and CEO of the Cloud and Smart Industries Group, first disclosed the open-source plan at the Tencent Cloud Shanghai City Summit on March 27 as a core element of the company’s AI Agent Infrastructure strategy.

Competitive Context

The release lands days after OpenAI expanded its own Agents SDK with sandbox containers across eight sandbox providers, and as the agent sandbox market fragments across proprietary offerings. Tencent’s open-source approach offers an alternative: full auditability, private deployment within enterprise boundaries, and zero dependency on foreign cloud providers. For teams building agent infrastructure outside the U.S. cloud ecosystem, or those needing to meet compliance requirements that prohibit third-party cloud dependencies, Cube Sandbox represents a self-hostable option backed by production-scale validation.