Deno Sandbox is designed to address the challenges posed by running untrusted code generated by LLMs (Large Language Models). In the past year, Deno Deploy customers have increasingly built platforms where users can generate and execute code in real-time, often calling external APIs that require sensitive credentials. Running such code directly on servers is risky; it can lead to compromised systems and stolen API keys. Deno Sandbox tackles this by using lightweight Linux microVMs that provide isolation and security, allowing users to execute potentially harmful code safely. One standout feature of Deno Sandbox is its approach to handling secrets. Instead of allowing sensitive information like API keys to enter the environment, the sandbox uses placeholders that only reveal actual credentials during outbound requests to approved hosts. This prevents exfiltration attempts. Furthermore, users can restrict network access, blocking any requests to unapproved hosts, which enhances security. The implementation of these features involves a proxy that enforces policy, with plans for additional capabilities like analytics for outbound connections. Deploying code from the sandbox to Deno Deploy is streamlined. A single command can transition code directly into a production environment without the need for rebuilding or re-authentication. While sandboxes are ephemeral by default, they offer options for persistence through volumes and snapshots, allowing users to maintain state and quickly set up development environments. Deno Sandbox operates on a competitive, usage-based pricing model, charging for compute time rather than wall-clock time, making it a cost-effective option for users.