Cloudflare

Edge-compute and security company. In the AI-agent context, ships two sandboxing primitives Agrawal demoes:

• Dynamic Worker Isolates — V8 isolates spun up at runtime (sub-millisecond startup, JS/TS/Python/WASM, no FS, no processes). Via loader.load + globalOutbound: null to cut network.
• Sandbox SDK + Durable Objects + Container VMs — real Linux containers for use cases that need FS, processes, package installs, dev servers. Lifecycle driven by a stateful durable object.

Both enforce capability-based-security by default.

Cross-references

• harshil-agrawal — developer advocate
• isolates-vs-containers — the primitives his talk maps across
• isolated-agent-vms — related sandbox-per-agent pattern from eric-zakariasson