Safely run AI-generated code in Cloud Run sandboxes Google Cloud announced Cloud Run sandboxes in public preview at WeAreDevelopers World Congress, providing a native, secure, and ultra-fast runtime environment for executing untrusted AI-generated code and agent workloads. The sandboxes offer credential isolation, deny-by-default network egress, and safe filesystem overlays, enabling developers to run LLM code interpreters, headless browsers, and user-submitted code without risking host applications or cloud credentials. Here’s a question we hear often at Google Cloud: How do you safely run AI-generated code or untrusted binaries without putting your host application, data, and cloud credentials at risk? In other words, how do you give AI-written programs a safe space to run — one that keeps them completely separate from your trusted programs with higher privileges? Until now, developers had to build complex sandboxing infrastructure using container clusters or pay for specialized third-party microVM runtimes. Today, at WeAreDevelopers World Congress https://www.wearedevelopers.com/world-congress , we are announcing Google Cloud Run sandboxes in public preview. Cloud Run sandboxes are a native, secure, and ultra-fast runtime environment built specifically for executing untrusted code and agent workloads, starting in milliseconds. In the following example, we send requests to safely execute untrusted Python code on a Cloud Run service that starts, executes, and stops 1,000 sandboxes with an average of 500ms latency: In this post, we’ll share more about the feature and core use cases. Cloud Run sandboxes are lightweight, isolated execution boundaries that you can spawn near-instantly within your existing Cloud Run service instances . Whether you need to let an LLM run a dynamically generated Python script to calculate business margins or spin up a headless browser to perform web research, Cloud Run sandboxes give you a secure, isolated sandbox to run these tasks without leaving your serverless environment. LLM code interpreters: Build advanced data analysis features into your AI products. Let your models write and execute Python, R, or SQL code to analyze datasets, generate charts, and perform complex math securely. Headless browsers: Give your agents a secure environment to run browsers. Safely scrape web pages, take screenshots, and automate web workflows without risking your host machine. User-submitted code execution: Beyond AI, platforms hosted on Cloud Run can use sandboxes to safely run custom scripts, plugins, or webhooks uploaded by their own end-users. Enabling sandboxes on your Cloud Run service is as simple as adding a single flag to your deployment. When deploying your Cloud Run service, enable the sandbox launcher via gcloud or your YAML configuration: Once enabled, a lightweight sandbox CLI binary is automatically mounted into your execution environment. Your agent application can spawn sandboxes programmatically using standard subprocess calls. Here is how easily you can run an untrusted Python script generated by an LLM: Cloud Run sandboxes are engineered to protect your host application and cloud resources from malicious or erroneous code execution. The runtime enforces three critical security boundaries: 1. Credential and environment isolation: These sandboxes do not have access to the Cloud Run service’s environment variables nor do they have the ability to call the Google Cloud metadata server. 2. Locked-down network egress deny-by-default : By default, sandboxes have zero outbound network access . If your agent is tricked into running a script that attempts to exfiltrate data to a malicious server, the network request is blocked at the system layer. Egress can be enabled only when explicitly requested: 3. Safe filesystem overlay: The sandbox runs with a read-only view of your container's filesystem allowing it to use your installed packages, Python runtimes, and binaries but writes all changes to an isolated, temporary memory overlay. Once the sandbox execution ends, all generated files are discarded. Though you can still import and export files as needed for re-use across sandboxes: Cloud Run sandboxes will be supported in the next version of Agent Development Kit https://adk.dev/ with a new CloudRunSandboxCodeExecutor . This integration gives your ADK agents running on Cloud Run the ability to execute code in one single line: Cloud Run sandboxes were also added to ComputeSDK https://docs.computesdk.com/getting-started/introduction , a vendor agnostic SDK for running sandboxes. This SDK allows you to either invoke sandboxes remotely from outside the Cloud Run service or use them directly as a local tool on the service. You can learn how to use this SDK for Cloud Run sandboxes here https://github.com/computesdk/computesdk/tree/main/packages/cloud-run . Unlike dedicated sandbox hosting platforms that charge high premiums for on-demand virtual machines, Cloud Run sandboxes run directly on your existing allocated CPU and memory . Because the sandboxes share the resources of your running instances, there is no additional cost or premium to use this feature. You can check out our documentation here https://docs.cloud.google.com/run/docs/code-execution .