Simon Willison’s Weblog: New sandboxes from Cloudflare and Vercel

Source URL: https://simonwillison.net/2025/Jun/26/sandboxes/
Source: Simon Willison’s Weblog
Title: New sandboxes from Cloudflare and Vercel

Feedly Summary: Two interesting new products for running code in a sandbox today.
Cloudflare launched their Containers product in open beta, and added a new Sandbox library for Cloudflare Workers that can run commands in a “secure, container-based environment”:
```javascript
import { getSandbox } from "@cloudflare/sandbox";
const sandbox = getSandbox(env.Sandbox, "my-sandbox");
const output = sandbox.exec("ls", ["-la"]);
```
Vercel shipped a similar feature, introduced in "Run untrusted code with Vercel Sandbox", which enables code that looks like this:
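```javascript
import { Sandbox } from "@vercel/sandbox";

const sandbox = await Sandbox.create();
// `result` is defined outside this snippet; result.text is the script to run.
await sandbox.writeFiles([
  { path: "script.js", stream: Buffer.from(result.text) },
]);
// Run the script inside the sandbox, relaying its output to this process.
await sandbox.runCommand({
  cmd: "node",
  args: ["script.js"],
  stdout: process.stdout,
  stderr: process.stderr,
});
```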
In both cases a major intended use-case is safely executing code that has been created by an LLM.
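The Vercel snippet above relays the sandboxed program's output straight to `process.stdout`, so the output itself is still untrusted data when it reaches a terminal or log. The following is an added example, not code from the original post or from either vendor: a bounded sink that renders control characters as visible text. It assumes `runCommand` accepts any Node.js `Writable` for `stdout`/`stderr`; `GuardedOutput`, `maxChars` and `demo` are hypothetical names.

```javascript
// Added example: bounded, control-character-safe sink for sandbox output.
// Loads node:stream whether this file runs as CommonJS or as an ES module.
const { Writable } = typeof require === "function"
  ? require("node:stream")
  : process.getBuiltinModule("node:stream");

// C0 controls except \t and \n, DEL, and C1 controls (covers ESC, BEL, \r).
const CONTROL = /[\x00-\x08\x0b-\x1f\x7f-\x9f]/g;

class GuardedOutput extends Writable {
  constructor({ maxChars = 64 * 1024 } = {}) {
    super();
    this.maxChars = maxChars; // hypothetical cap on retained characters
    this.text = "";
    this.truncated = false;
    // Streaming decode keeps a multi-byte character split across chunks intact.
    this.decoder = new TextDecoder("utf-8");
  }

  _write(chunk, _encoding, done) {
    if (!this.truncated) {
      const safe = this.decoder
        .decode(chunk, { stream: true })
        // Show each control character as \xNN text instead of emitting it.
        .replace(CONTROL, (c) => "\\x" + c.charCodeAt(0).toString(16).padStart(2, "0"));
      const room = this.maxChars - this.text.length;
      this.text += safe.slice(0, room);
      this.truncated = safe.length > room;
    }
    done(); // keep draining after the cap so the producer is never blocked
  }
}

// Constructed sample: bytes an untrusted script might print.
function demo() {
  const out = new GuardedOutput({ maxChars: 40 });
  out.write(Buffer.from("ok\n\x1b[2J\x1b]0;title\x07")); // clear-screen and set-title sequences
  out.write(Buffer.from([0xe2, 0x82])); // first two bytes of "€"
  out.write(Buffer.from([0xac]));       // final byte arrives in a later chunk
  out.write("A".repeat(100));           // exceeds the remaining budget
  return out;
}
```

Under the stated assumption, an instance is passed as `stdout: out` in place of `process.stdout`, and `out.text` is what gets logged or displayed.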
Tags: vercel, cloudflare, generative-ai, ai, llms, sandboxing

AI Summary and Description: Yes

Summary: The text discusses two new sandboxing products launched by Cloudflare and Vercel, specifically designed for executing untrusted code securely. Both products can execute code generated by large language models (LLMs), addressing a critical need for security in AI applications.

Detailed Description:

The emergence of sandboxing technologies by Cloudflare and Vercel marks a significant advancement in the realm of secure code execution within cloud environments. Sandboxing allows developers to run potentially harmful code in a secure and controlled manner, minimizing risks associated with executing untrusted code. Here are the main points regarding the products:

– **Cloudflare Containers**:
  – Recently launched in open beta.
  – Introduced a Sandbox library for Cloudflare Workers.
  – Enables execution of commands in a secure, container-based environment.
  – Example code usage demonstrates the simplicity of leveraging this sandbox.

– **Vercel Sandbox**:
  – Similar capabilities to Cloudflare’s offering.
  – Allows safe execution of untrusted code, making it ideal for AI-generated scripts.
  – Shows a user-friendly approach with clear examples for actual implementation.

– **Key Use Case**:
  – Both products are geared towards safely executing code produced by large language models (LLMs), thus directly addressing concerns related to AI security.
  – The sandboxing mechanism is critical for maintaining security while utilizing the power of generative AI.

**Practical Implications**:
– The introduction of these services could drive increased adoption and development of AI solutions, as developers feel more secure in executing potentially hazardous code.
– Compliance with security standards can be enhanced by using environments specifically designed to mitigate risks from untrusted code execution.
– Organizations may consider integrating these services into their existing workflows to improve their model security posture in a world increasingly dependent on AI technologies.

Overall, these updates signify noteworthy progress in the intersection of cloud computing security, AI security, and infrastructure management, providing much-needed safeguards as reliance on LLMs grows.