LangSmith Sandboxes alternatives for secure AI code execution

LangSmith Sandboxes entered private preview in March 2026 as LangChain's managed sandbox offering for running untrusted agent-generated code. This guide covers what LangSmith Sandboxes provide, what to look for in a sandbox alternative, and a comparison of five production-ready sandbox platforms available today.

LangSmith Sandboxes are isolated execution environments built into the LangSmith platform for running agent-generated code without exposing host infrastructure.

Each sandbox runs in a hardware-virtualized microVM with kernel-level isolation between sandboxes. LangSmith Sandboxes integrate with the existing LangSmith SDK, so teams already using the Python or JavaScript client for tracing or deployment can create sandboxes without adding a new dependency.

The product includes sandbox templates (reusable image and resource configurations), warm pools for pre-provisioned sandboxes, an auth proxy for injecting credentials without hardcoding secrets, persistent state across sessions, and long-running session support via WebSockets. LangSmith Sandboxes also include native integration with LangChain's Deep Agents framework and the Open SWE project.

LangSmith Sandboxes are in private preview, with APIs and features subject to change. Access requires signing up for the waitlist.

Sandbox platforms differ in meaningful ways across isolation model, deployment flexibility, and pricing. These are the dimensions worth evaluating before committing.

• Isolation model: Platforms use different isolation approaches: Firecracker microVMs, gVisor (syscall interception), Kata Containers with Cloud Hypervisor, or combinations. For running untrusted or AI-generated code, hardware-level microVM isolation is generally the more defensible choice. See our comparison of Kata Containers vs Firecracker vs gVisor for a deeper breakdown.
• Ephemeral vs persistent sessions: Some platforms cap session length. If your agents run for hours or days, verify the session limit before committing. See our guide to ephemeral sandbox environments and persistent sandboxes.
• BYOC (Bring Your Own Cloud) and deployment flexibility: If your organization has data residency requirements, existing cloud spend commitments, or compliance constraints, check whether the platform supports bring your own cloud and how self-serve that process is. Most platforms in this space require contacting sales for BYOC access. See our guide to BYOC AI sandbox platforms.
• GPU support: Most managed sandbox platforms in this space do not offer GPU compute. If your agents run inference or any GPU-bound workload, this is a hard requirement to check before evaluating further.
• Pricing model: Per-second billing is standard across most platforms. The meaningful differences are unit prices, what is included in the base cost, and whether BYOC is available to reduce costs at scale.
• Production readiness: Preview products and early-access platforms carry deployment risk. For production workloads, verify how long a platform has been running at scale and what compliance certifications it holds.

The following sandbox platforms range from focused code execution to full-stack AI infrastructure. Each section covers isolation model, key capabilities, BYOC support, GPU availability, and session limits.

Northflank provides a full infrastructure platform for AI workloads: microVM sandboxes, databases, APIs, workers, GPU workloads, CI/CD pipelines, and observability, running either in Northflank's managed cloud or inside your own VPC.

Sandboxes on Northflank use Kata Containers with Cloud Hypervisor, Firecracker, or gVisor, depending on workload and isolation requirements. Both ephemeral and persistent sessions are supported with no imposed time limits. Northflank accepts any OCI-compliant container image from any registry. Sandbox creation takes approximately 1–2 seconds.

A key differentiator compared to most platforms in this space is self-serve bring your own cloud (Deploy sandboxes in your cloud). Northflank supports deployment into AWS, GCP, Azure, Oracle, CoreWeave, Civo, and bare-metal without requiring a sales process. For teams in regulated industries, BYOC support is frequently a hard requirement in security reviews.

Northflank supports on-demand GPU allocation across L4, A100 (40GB and 80GB), H100, H200, and more with per-second billing. GPU pricing is all-inclusive: CPU and RAM are not billed separately on top of GPU time.

The platform has been running in production since 2021 across startups, public companies, and government deployments. It is SOC 2 Type II certified and includes horizontal autoscaling, bin-packing for density at scale, and multi-tenant architecture.

What Northflank supports:

• MicroVM isolation with Kata Containers, Firecracker, and gVisor
• Both ephemeral and persistent environments with no session time limits
• Self-serve BYOC into AWS, GCP, Azure, Oracle, CoreWeave, Civo, bare-metal, and on-premises
• On-demand GPUs (L4, A100, H100, H200) with per-second billing, CPU and RAM included
• Databases (PostgreSQL, MySQL, Redis, MongoDB) deployable alongside sandboxes
• API, CLI, SSH, and UI access
• Built-in CI/CD, secrets management, observability, and RBAC
• SOC 2 Type II certified

Pricing: CPU at $0.01667/vCPU-hour, memory at $0.00833/GB-hour. H100 at $2.74/hour all-inclusive. See the Northflank pricing page for full details.

E2B is a managed sandbox platform focused on AI agent code execution. It runs Firecracker microVMs and provides Python and TypeScript SDKs. Sandboxes run continuously for up to 24 hours on the Pro plan or 1 hour on the Hobby plan. For longer workloads, E2B supports pause and resume, where pausing resets the runtime window while preserving the sandbox state.

BYOC is available but not self-serve: access is limited to AWS and GCP, and teams need to contact sales to get started. GPU compute is not available on E2B. For a detailed comparison, see our E2B vs Modal and self-hostable alternatives to E2B articles.

Session limits: 1 hour (Hobby), 24 hours (Pro). BYOC: Available, AWS and GCP only, contact sales. GPU: Not available. Pricing: $0.0504/vCPU-hr, $0.0162/GiB-hr. Storage included (10GB Hobby, 20GB Pro). Hobby plan is free with a one-time $100 credit. Pro at $150/month.

Modal is a serverless compute platform with a dedicated sandbox interface for running arbitrary code. Sandboxes on Modal are created at runtime via the API: you define the container image, resources, and commands to execute dynamically. Modal uses gVisor for sandbox isolation.

Sandbox timeout defaults to 5 minutes and can be configured up to 24 hours. For workloads exceeding 24 hours, Modal recommends using filesystem snapshots to preserve state and restore with a subsequent sandbox. Modal supports GPU compute across L4, A100, H100, H200, and B200, with GPU pricing separate from CPU and memory. There is no BYOC option. See our E2B vs Modal comparison for more context.

Session limits: Default 5 minutes, configurable up to 24 hours. BYOC: Not available. GPU: Available (L4, A100, H100, H200, B200), billed separately from CPU and memory. Pricing: $0.1419/physical core-hr (equivalent to 2 vCPU), $0.0242/GiB-hr memory. H100 at $3.95/hr. Starter plan includes $30/month free credits.

Sprites is Fly.io's sandbox product for running arbitrary code in persistent, hardware-isolated environments. Each Sprite is a Firecracker microVM with a persistent ext4 filesystem backed by NVMe storage. When a Sprite goes idle, compute charges stop, the filesystem is backed up to durable object storage, and it restores on the next request.

Every Sprite gets a unique URL for HTTP access. Sprites support up to 8 CPUs and 16GB RAM per instance. The platform provides CLI, REST API, and JavaScript and Go SDKs. There is no BYOC option and no GPU support.

Session limits: None. BYOC: Not available. GPU: Not available. Pricing: Per second, based on actual cgroup CPU usage. $0.07/CPU-hr, $0.04375/GB-hr, $0.00068/GB-hr NVMe storage. No charge when idle. See our top Fly.io Sprites alternatives for broader context.

CodeSandbox is a browser and VM sandbox platform, now part of Together AI. The CodeSandbox SDK supports programmatic creation and management of VM sandboxes. VM sandboxes run on microVMs with snapshot and fork capabilities and have no imposed session time limits.

The Scale plan supports up to 250 concurrent VM sandboxes and 16 vCPUs with 32 GiB RAM. Enterprise scales up to 64 vCPUs and 128 GiB RAM. BYOC is available on Enterprise as a dedicated cluster, requiring contact with sales. GPU compute is not available. See our CodeSandbox alternatives article for more context.

Session limits: Unlimited. BYOC: Enterprise only, custom dedicated cluster, contact sales. GPU: Not available. Pricing: Credit-based at $0.015/credit ($0.075/core-hr equivalent). Build plan free with 40 hours/month. Scale from $170/month with 160 included VM hours and on-demand credits at $0.15/hour.

Pricing as of April 2026. Verify current rates on each platform's pricing page before making cost decisions.

The following table shows pricing for PaaS deployments, where you are using the platform's own infrastructure.

The following table shows BYOC pricing, where you deploy sandboxes inside your own cloud account, and the platform provides the control plane.

Based on 200 sandboxes, plan: nf-compute-100-4, infra node: m7i.2xlarge.

Northflank's BYOC pricing includes a default overcommit via the request modifier. A request modifier of 0.2 means each sandbox requests 20% of its plan's resources as a guaranteed minimum but can burst to the full plan limit when capacity is available. This allows more sandboxes per node: for example, 40 instead of 8 at a 0.2 modifier, reducing both cloud infrastructure costs and the Northflank management fee at scale. For more, see our guides on best BYOC sandbox platforms and top BYOC AI sandboxes.

LangSmith Sandboxes launched in private preview in March 2026. Access requires signing up for the waitlist. APIs and features may change before general availability.

Of the platforms covered in this article, Northflank and Modal both support GPU compute. Northflank supports L4, A100 (40GB and 80GB), H100, H200, and more with per-second all-inclusive billing. Modal supports L4, A100, H100, H200, and B200 with GPU billed separately from CPU and memory.

Northflank supports self-serve BYOC into AWS, GCP, Azure, Oracle, CoreWeave, Civo, bare-metal, and on-premises. E2B offers BYOC for AWS and GCP, but access requires contacting sales. CodeSandbox offers BYOC on Enterprise plans via a dedicated cluster, also requiring contact with sales. Modal and Fly.io Sprites are managed-only.