Google has introduced Agent Sandbox, a new feature for Kubernetes and Google Kubernetes Engine (GKE) designed to enhance AI agent performance and security. AI agents can perform complex tasks by using various tools to meet user requests, but this flexibility introduces risks. Traditional software is predictable, while AI agents can act autonomously, raising concerns about security and operational stability. Agent Sandbox aims to mitigate these risks by providing strong isolation for code execution, allowing for the creation and deletion of thousands of ephemeral environments with limited network access. Built on gVisor and supporting Kata Containers, Agent Sandbox offers a secure framework for running agent-based workloads. Its architecture is optimized for performance, especially in GKE, where it can leverage managed gVisor and pre-warmed pools of sandboxes to achieve sub-second latency for isolated workloads—up to a 90% improvement over cold starts. The introduction of Pod Snapshots is a significant enhancement, reducing startup time for both CPU and GPU workloads from minutes to seconds by allowing teams to snapshot and restore running pods. Designed with AI engineers in mind, Agent Sandbox simplifies the infrastructure management process. It features an API and Python SDK that enable developers to handle sandbox lifecycles without needing deep knowledge of Kubernetes. This focus on user experience allows developers to concentrate on building AI solutions while providing Kubernetes administrators with the necessary operational control. Agent Sandbox is available as an open-source project on GKE, with Pod Snapshots in limited preview, set to roll out to all customers later this year.