I built a sandbox that boots an AI agent VM in ~300ms — here's how

If you've ever built an AI agent that runs code, you've hit the same wall I did: how do you run untrusted LLM-generated code safely, without it taking forever? I tried Docker. Shared kernel — felt too risky for arbitrary code execution. I tried full VMs. Safe, but 5–10 second cold starts killed the UX. So I built Sandflare — it uses Firecracker microVMs to launch isolated sandboxes in ~1-2s. Tweaked it further and its ~300ms now. Sandflare psql also launches in milliseconds. How wonderful is that. How we get to ~300ms The trick is snapshot + restore with userfaultfd (UFFD) . Boot a VM once, fully configured Take a memory snapshot On every new sandbox request, restore from that snapshot Memory pages fault in on-demand — the VM is responsive before it's fully loaded into RAM This is the same technique AWS uses internally. The result: consistent sub-400ms cold starts. What Sandflare actually does Beyond fast boots, I added the things I kept needing for agent workloads: Run code and stream