TencentCloud/CubeSandbox

Tencent's answer to E2B: VMs that boot faster than Docker

A Rust-based sandbox service that swaps container speed for real kernel isolation while keeping the same Python SDK.

6.2k stars · Rust · Agents · Inference · Serving

Velocity (7d): +105 ★ / day · Trend: steady

What it does

CubeSandbox spins up hardware-isolated micro-VMs for AI agents using RustVMM and KVM. Each sandbox gets its own guest kernel, boots in under 60ms, and adds less than 5MB of memory overhead. It speaks the E2B SDK protocol natively, so swapping your sandbox provider is supposedly just a URL change.

The interesting bit

The project treats VM startup as a resource-pool problem, not a boot problem. Pre-provisioned pools plus copy-on-write snapshots mean you skip initialization entirely; the “cold start” is really a warm clone. That, plus a ruthlessly stripped Rust runtime, is how they claim thousands of agents per node with real kernel isolation.

Key highlights

  • Drop-in E2B SDK compatibility: change E2B_API_URL and keep your Python code
  • Sub-60ms end-to-end creation on bare metal; P99 stays under 150ms at 50 concurrent sandboxes
  • Per-sandbox memory overhead under 5MB for instances ≤32GB
  • eBPF-based network isolation (CubeVS) with fine-grained egress filtering
  • Event-level snapshots and rollback via the CubeCoW engine in v0.3.0
  • Single-node or clustered deployment; one-click install script provided

Caveats

  • Requires x86_64 Linux with KVM; WSL2 or nested virtualization work but are “not recommended” for performance
  • The “5MB overhead” figure is measured at smaller instance sizes; larger configs see “marginal increase” (unspecified how much)
  • Benchmarks are self-reported on bare metal; no independent third-party numbers visible

Verdict

Worth evaluating if you’re already paying E2B bills and need kernel-level isolation for untrusted LLM-generated code. Skip it if you’re on ARM, Windows-native, or satisfied with Docker’s security model for your use case.
