TL;DR

On April 20, 2026, Tencent Cloud open-sourced Cube Sandbox, a microVM sandbox runtime purpose-built for AI agents. It achieves sub-60ms cold starts, under 5MB memory overhead per instance, and claims 100% E2B SDK compatibility — swap the endpoint URL, zero code changes. Built in Rust on top of RustVMM and KVM, Apache 2.0 licensed, available now at github.com/TencentCloud/CubeSandbox.

What's new

Cube Sandbox lands in a crowded field (E2B, Modal, Daytona, Vercel Sandbox, Microsandbox) but it comes swinging with two claims that matter: the fastest cold start in the open microVM space, and a drop-in compat layer for the de-facto AI-agent SDK, E2B.

The v0.1.0 release ships six modular components:

  • CubeAPI — REST gateway that speaks the E2B protocol.
  • CubeMaster — cluster scheduler and orchestration.
  • CubeProxy — request routing and protocol adaptation.
  • Cubelet — per-node sandbox lifecycle agent.
  • CubeVS — eBPF-based virtual switch for network isolation.
  • CubeHypervisor / CubeShim — the KVM virtualization layer, built on rust-vmm primitives.

Why it matters

If you've ever built an AI agent that runs code, you know the pain: containers leak, Docker-in-Docker is slow, and Firecracker is powerful but a bare primitive. E2B solved the UX but it's a managed SaaS. Teams with data-residency, compliance, or cost constraints have been waiting for a self-hostable replacement that doesn't cost a week of integration work.

Cube Sandbox's bet is simple: keep the E2B API surface, ship better performance numbers, make it one-click to deploy. If the benchmarks hold up in the wild, the migration story is brutally simple — change one environment variable.

Technical facts

| Metric | Cube Sandbox | E2B (Firecracker) | Firecracker baseline |
|---|---|---|---|
| Cold start | <60ms | ~150ms | ~125ms |
| Memory overhead / instance | <5MB | comparable | <5 MiB |
| Concurrency (P99, 50 parallel creates) | <150ms | n/a | n/a |
| Density per node | thousands | high | high |
| Isolation model | Dedicated kernel per sandbox | microVM | microVM |
| E2B SDK compat | 100% drop-in | native | n/a |
| License | Apache 2.0 | Apache 2.0 | Apache 2.0 |

Under the hood: Rust makes up 52.4% of the codebase, Go 26.4%, and C 18.6%. Copy-on-Write is used between sandboxes for memory sharing, and eBPF handles network-level isolation without a heavy software switch.

Comparison

In Emir Bozkurt's State of MicroVM Isolation in 2026, Firecracker boots in ~125ms with <5 MiB overhead, and E2B's Firecracker-based offering hits ~150ms. Cube Sandbox claims sub-60ms — roughly 2.5x faster than E2B, and up to 50x faster than heavier container/VM alternatives still common in enterprise deploys. On memory, Tencent quotes 6x less overhead than typical microVM setups.

The isolation story is genuinely strong: every sandbox gets its own dedicated OS kernel. That's a harder boundary than namespace-based container isolation and roughly at parity with Firecracker and Cloud Hypervisor.

Use cases

  • AI code-execution agents — safely run LLM-generated Python/JS per request.
  • Multi-tenant code interpreters at scale — thousands of concurrent sandboxes per node.
  • Private E2B replacement — if your compliance team said no to the managed SaaS, swap E2B_API_URL and keep shipping.
  • Short-lived CI / scratch compute for untrusted jobs.
  • Edge and on-prem where data can't leave the perimeter.

Limitations & pricing

Pricing: free, Apache 2.0. Zero runtime licensing cost. Self-hosting infra cost is on you.

  • Requires a KVM-enabled x86_64 Linux host (bare-metal, cloud bare-metal, or WSL 2). No ARM build yet, no macOS host.
  • v0.1.0 — expect API churn and rough edges.
  • Event-level snapshot rollback is on the roadmap but not shipped.
  • Independent security audits vs Firecracker are not yet public.
  • Community traction at launch: ~169 stars, 19 forks on day one.

What's next

Short-term, expect the team to stabilize the API, ship the promised event-level snapshot rollback, and broaden hardware support. The bigger question is adoption: E2B's moat is developer habit, not code. If Cube's compat layer genuinely holds across the full SDK surface, the cost of a migration experiment is ten minutes, and the cost of running E2B-style infra on your own hardware drops to near zero.

The timing is sharp. Agent platforms are exploding — every serious LLM product now needs a sandbox tier, and most are either paying managed fees or stitching together Docker with a prayer. A credible open-source Firecracker-class runtime with the fastest public cold-start numbers and a drop-in SDK is exactly the piece that was missing.

If you're building agent infrastructure, this is the week to benchmark it against whatever you're running today. Clone the repo, swap one env var in a staging E2B client, and see whether the sub-60ms number holds on your hardware.
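One way to run that check, as an added example (not code from the Cube Sandbox or E2B projects): a small harness that times sequential creates and 50 parallel creates, then compares the results with the figures quoted in the table above. The function names are hypothetical, and fake_create is a constructed stand-in for whatever sandbox-create call your E2B client makes.

```python
# Added example: thresholds are the article's quoted figures; names are hypothetical.
import math
import time
from concurrent.futures import ThreadPoolExecutor

COLD_START_MS = 60.0      # article: single cold start under 60 ms
P99_PARALLEL_MS = 150.0   # article: P99 under 150 ms at 50 parallel creates


def percentile(samples, pct):
    """Nearest-rank percentile; with 50 samples, P99 is the slowest one."""
    ordered = sorted(samples)
    rank = max(1, math.ceil(pct / 100.0 * len(ordered)))
    return ordered[rank - 1]


def timed_ms(create):
    """Client-side wall clock for one create call (includes the API round trip)."""
    start = time.perf_counter()
    create()
    return (time.perf_counter() - start) * 1000.0


def run_benchmark(create, sequential=20, parallel=50):
    """Time `sequential` one-at-a-time creates, then `parallel` concurrent ones."""
    seq = [timed_ms(create) for _ in range(sequential)]
    with ThreadPoolExecutor(max_workers=parallel) as pool:
        par = list(pool.map(lambda _: timed_ms(create), range(parallel)))
    return seq, par


def verdict(seq, par):
    """Compare measured latencies with the article's quoted figures."""
    p50, p99 = percentile(seq, 50), percentile(par, 99)
    return {
        "cold_start_p50_ms": p50,
        "parallel_p99_ms": p99,
        "cold_start_claim_holds": p50 < COLD_START_MS,
        "parallel_claim_holds": p99 < P99_PARALLEL_MS,
    }


def fake_create():
    """Constructed stand-in: replace with your E2B client's sandbox-create call."""
    time.sleep(0.002)


if __name__ == "__main__":
    print(verdict(*run_benchmark(fake_create)))
```

Because the timer wraps the client call, the numbers include network and API latency as well as microVM boot, so run the client on the same host or subnet as the sandbox node when comparing against a boot-time figure.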

Sources: TencentCloud/CubeSandbox, @TencentAI_News, State of MicroVM Isolation 2026.