microsandbox vs Docker
Docker is the default tool you reach for when you hear 'sandbox.' It's incredible at what it does: packaging and shipping apps. But containers share the host kernel, and an agent that escapes the container has the run of your machine. microsandbox uses microVMs: a separate kernel per sandbox, hardware-enforced isolation.
| | microsandbox (local + cloud) | Docker (industry-standard container runtime) |
| --- | --- | --- |
| Isolation model | Hardware microVM · separate kernel | Linux containers · shared kernel |
| Daemon required | None, runs in your process | dockerd · root-owned background service |
| Boot time | Sub-100ms cold start | 10-50ms (warm), seconds for fresh container |
| Container escape risk | Hardware boundary · agent can't reach host | Container escapes are a known class of CVE |
| Image format | Any OCI image | Any OCI image |
| Secrets handling | TLS-bound substitution · real keys never enter guest | Env vars or mounted files · guest sees the value |
| Network policy | Programmable allowlist · DNS pinning | Network primitives, you build your own policy |
| Cross-platform native | macOS · Linux · WSL, same kernel everywhere | macOS · Windows ship a hidden Linux VM |
| Designed for | AI agents · untrusted code execution | Application packaging and deployment |
| Cloud-ready | Local-first · cloud beta soon | Self-managed or via Kubernetes |
Pick Docker
Pick Docker for what it was built for: shipping apps.
- You're packaging a long-running service for production deployment.
- Sub-50ms boot matters more than hardware isolation.
- You trust the code running inside: it's your team's app, not an agent's untrusted output.
- You're already deep in the Docker / Kubernetes ecosystem and don't want a parallel runtime.
Pick microsandbox
Pick microsandbox when the code inside isn't yours.
- You're running AI agents that generate and execute code at runtime.
- A container escape would be a security incident, so you need a hardware boundary.
- Your secrets shouldn't ever sit in the guest's environment, even briefly.
- You want to programmatically allowlist what the sandbox can talk to.
- You want one daemon-free SDK to embed in your app, no socket, no root service.