Cloudflare shipped Agents Week. OpenAI rebuilt the Agents SDK around sandbox execution. Google said 75% of new code is AI-generated. The connecting thread is the same primitive: sandboxes are becoming the runtime layer for AI agents.
Three announcements landed inside twelve days. They look unrelated until you stack them on top of each other, and then the story is hard to miss.
April 13–20: Cloudflare ran Agents Week, 20+ launches anchored on the general availability of Sandboxes — persistent, isolated Linux environments with a shell, a filesystem, and background processes.
April 15: OpenAI shipped a new Agents SDK built around a model-native harness with sandbox-aware orchestration, Codex-style filesystem tools, and durable execution.
April 25: At Google Cloud Next 2026, Sundar Pichai said 75% of new code at Google is AI-generated, up from 50% in October. (Storyboard18)
If you've been building anything with coding agents over the last six months, none of this is shocking on its own. The interesting part is what the three announcements have in common: they're all betting that the unit of execution for AI work is no longer a function call, a container, or a serverless invocation. It's a sandbox. A long-lived, stateful one.
Sandboxes are quietly becoming what VMs were in 2008.
Cloudflare's framing for Agents Week was that they're building the agentic cloud. That's a marketing line, but the product list backs it up:
Sandboxes (GA) — persistent Linux environments, with the kinds of primitives agents have been kludging together (shell, filesystem, background processes) now sitting behind a stable API.
Artifacts — a Git-compatible storage primitive. They're pitching it as tens of millions of repositories so agents have a permanent home for the code they write.
Agent Memory — managed persistent memory. Agents recall what matters, forget what doesn't, get smarter over time.
Browser Run (the rebrand of Browser Rendering) — Live View, Human-in-the-Loop, CDP access, session recordings, 4× higher concurrency.
Cloudflare Mesh — private networking specifically built for agents talking to humans, multicloud infra, and each other.
AI Gateway — 70+ models across 12+ providers behind one API endpoint and one set of credits.
The shape of the bet is clear. Cloudflare thinks an agent's computer is going to be a sandbox you rent the way you rent a Worker today, with first-class storage, memory, networking, and a browser bolted on. They're trying to be the AWS of that world.
The unit of execution for AI work is no longer a function call. It's a sandbox.
What OpenAI actually shipped
OpenAI's update to the Agents SDK on April 15 reads, on first pass, like a pile of new features. On second pass, it reads like a position statement.
The headline change is a model-native harness. The SDK now ships with the same primitives that power Codex inside ChatGPT: tool use via MCP, progressive disclosure via skills, custom instructions via AGENTS.md, code execution via a shell tool, file edits via apply_patch. That's not a feature — that's OpenAI saying the harness we use is now the harness you use.
The second change is the one that matters here. Sandboxes are no longer something you build around the SDK. They're something the SDK orchestrates natively. The SDK now includes built-in support for seven sandbox providers out of the box:
Blaxel
Cloudflare
Daytona
E2B
Modal
Runloop
Vercel
You can also bring your own. The sandbox is just a slot in the runtime now.
The third change is the most interesting if you've ever lost a long-running agent to an OOM kill. The SDK supports durable execution — snapshot the agent state, kill the container, hydrate into a fresh one, keep going. That's the kind of feature you only build when you've decided agents are going to run for hours, not seconds. It's borrowed straight from how Codex handled the famous 25-hour, 13M-token, 30k-line autonomous run that's been making the rounds.
Python first. TypeScript later. Standard API pricing.
Pichai's 75% — which is AI suggested, human accepted or edited — is doing something specific in this story. It's the demand signal.
In October, the same metric was 50%. In late 2024 it was 25%. The curve is doing what curves like that always do: it's not flattening, it's accelerating. And every percentage point of that growth is more code being written by something that needs:
A place to put files
A shell to run them in
A way to remember what it did yesterday
A way to recover when its container falls over
That is — exactly — the list of things Cloudflare and OpenAI just shipped.
It's tempting to read the Google number as a vibes datapoint about the future of work. It's more useful as the reason the infrastructure announcements are landing now. The biggest engineering org on the planet just told you which way demand is moving. Cloudflare and OpenAI are pricing the supply curve.
Here's the practical version, for anyone building agent-shaped things this quarter.
A year ago, give my agent a shell meant standing up a container, wiring in code execution, hoping the network shape didn't break, and writing your own state recovery if you wanted the run to survive past a few minutes. Most teams didn't bother. They wrote glue, kept runs short, and accepted that anything ambitious was a research demo.
What changed in April is that the glue is now a product surface.
If you're using OpenAI's SDK, the line between agent that can run code and agent that can run code in a real Linux box, persistently, with snapshot recovery is one config field naming the sandbox provider. If you're on Cloudflare, the same shape comes for free with Workers — same control plane, same auth, same observability story.
The implication for product work is mostly about ambition. Tasks that were too long-horizon to attempt — codebase migrations, multi-day data pipelines, agents that genuinely keep state across sessions — are now within reach without rolling your own runtime. The Codex example isn't a stunt anymore; it's a reference architecture.
The implication for cost is messier. Long-running sandboxes are not cheap. Persistent memory is not cheap. The 1M-token contexts these things tend to generate are not cheap. None of this is sized for a $20/month consumer product.
A few things to keep in mind before you go retire your old agent harness.
The interop story is one-way for now. OpenAI's SDK can drive Cloudflare sandboxes. That doesn't mean Cloudflare's stack speaks OpenAI primitives, or that you can swap providers without rewriting the harness layer. The 70+ models, one endpoint promise is real for inference. It's not yet real for agent runtimes.
Durable execution is a contract, not a guarantee. Snapshot/rehydrate works well when the agent's state is in the sandbox. It works less well when the agent has half its state in some external system that doesn't know it just got rolled back to a checkpoint. Idempotency is suddenly your problem in places it wasn't before.
Memory will eat you. Persistent agent memory is the feature that sounds best in the demo and goes wrong in the longest, weirdest tail. If you've ever debugged why is the agent suddenly confidently wrong about a fact it learned three weeks ago, you know the shape of this. The platforms shipping memory primitives aren't shipping the policy — that part is still on you.
75% does not mean what it sounds like. AI-generated and accepted is a different bar from AI shipped to prod with no humans in the loop. Don't read Pichai's number as evidence the engineers are gone. Read it as evidence the engineers got a much faster keyboard.
So what
If you only take one thing from the last two weeks, take this: the sandbox is the new compute primitive for AI work, and the providers betting on it are no longer fringe. When OpenAI's own SDK ships with first-class support for seven sandbox vendors — and Cloudflare promotes Sandboxes to GA the same week — the question stops being should my agent have a real computer to work in and becomes which one, on what terms.
That's a different conversation than the one we were having in February.
The 2008 analogy isn't quite right, because the curve is steeper. EC2 took years to feel inevitable. The agent runtime layer is going to feel inevitable by summer.
We use cookies to enhance your browsing experience and analyze our traffic.
By clicking "Accept All", you consent to our use of cookies.
You can also choose to accept only necessary cookies.
Learn more
