Run Untrusted AI Agent Code Safely with Azure Container Apps Sandboxes
Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.
Azure sandboxes for untrusted AI agent code is a novel infrastructure solution.
Microsoft announced the public preview of Azure Container Apps Sandboxes, a new ARM resource type (Microsoft.App/SandboxGroups) that runs untrusted AI agent code in hardware-isolated microVMs, booting from OCI disk images in under a second and scaling to thousands of instances with zero cost when idle. Each sandbox enforces network egress deny-by-default, supports Entra managed identities for credential-free authentication, and integrates with the Agent Governance Toolkit for pre-execution AST scanning and tool allowlisting. Products like GitHub Copilot Cloud Sandboxes and Foundry Hosted Agents already use this infrastructure, making it a production-ready isolation layer for multi-tenant agentic workloads.