By Cube Sandbox Team | 2026.06.17
Following v0.3.0's snapshot/clone/rollback trio, v0.4.0 ships 58 commits from 15 contributors centered on three questions: egress governance (CubeEgress L7 proxy + credential injection + domain filtering + access audit), observability (container log forwarding via vsock), and consistency (node component version matrix + template compatibility checks). Also delivers a 41% reduction in network P99 latency and cuts template build peak disk from 4.2x to 1.2x image size.
Read moreBy sionli | 2026.06.25
How does Cube Sandbox achieve sub-second snapshots of tens-of-GiB filesystems, memory checkpoints that write only a fraction of total guest RAM, and cloning that creates N independent copies with near-zero disk growth? This article dissects the three interlocking kernel mechanisms — XFS reflink, /proc/pagemap anonymous page detection, and soft-dirty bit — that power Cube v0.3.0's snapshot, clone, and rollback capabilities.
Read moreBy Cube Sandbox Team | 2026.06.23
AI Agents give machines autonomous execution power — and open a Pandora's box of data exfiltration and credential abuse. CubeSandbox builds an end-to-end network security system — from virtual switching to application-layer auditing — on a foundation of KVM MicroVM isolation, an eBPF in-kernel network datapath, and L7 proxy deep inspection. This article dissects the design and implementation of core components like CubeVS, CubeProxy, and CubeEgress, and shows how Cube balances open execution with security and control.
Read moreBy Cube Sandbox Team | 2026.06.17
When software consumers shift from humans to Agents, the requirements change fundamentally — creating a service is no longer an ops task, but part of the inference-and-action loop. Neon's $1B acquisition by Databricks validates this thesis. Cube Sandbox turns "fast spawn, clone, and rollback" into a general-purpose runtime capability, letting any traditional software service become Agent-friendly with near-zero code changes.
Read moreBy coolli | 2026.06.03
Performance benchmark data for CubeSandbox on a Tencent Cloud SA9.4XLARGE32 standard CVM (PVM kernel), covering sandbox creation from template (cold-start latency, concurrency scaling, single-host density) and Snapshot operations (Snapshot creation, create-from-snapshot, Rollback, Clone, Pause/Resume). Each section includes the exact commands needed to reproduce the results.
Read moreBy Cube Sandbox Team | 2026.06.03
In modern AI Agent stacks, the sandbox plays the role of a "secure runtime" — executing model-generated code and tool calls. Cube Sandbox v0.3.0, with 82 commits from 22 contributors, is a foundational architecture upgrade aimed at high-concurrency, long-horizon, and reinforcement-learning workloads. Around three new SDK primitives — snapshot / clone / rollback — it brings "environment replication" and "error recovery" down from minutes to milliseconds.
Read moreBy coolli | 2026.06.01
Performance benchmark data for CubeSandbox on a real bare-metal node, covering sandbox creation from template (cold-start latency, concurrency scaling, single-host density) and Snapshot operations (Snapshot creation, create-from-snapshot, Rollback, Clone). Each section includes the exact commands needed to reproduce the results.
Read moreBy OdysseyWarsaw | 2026.05.22
A community walkthrough on preparing the prerequisite environment — OS choice, kernel version, dependencies — for deploying Cube Sandbox in PVM mode on a standard cloud VM running OpenCloudOS 9. (Article in Simplified Chinese.)
Read moreBy ronyjin | 2026.05.22
How a system originally forged in years of Serverless workloads — high density, high elasticity, high concurrency, strong isolation — extends naturally into the Agent era. This post walks through Cube's core designs (distributed scheduling + node-local bin-packing, resource pooling, frontend/backend decoupling, snapshot restore + lazy load, resource sharing, full-stack lock optimization, native security, and reusing VM resources) and the new capabilities for Agent workloads (low-latency code execution, Agentic RL, image acceleration, snapshot-based branch cloning, event-level snapshot & rollback).
Read moreBy Cube Sandbox Team | 2026.05.19
Following v0.2.0, Cube Sandbox shipped v0.2.2 on May 18. This release extends E2B compatibility from the SDK layer down to the wire-protocol layer, fixes seven recurring stability issues from the v0.1.x era, and lands the first round of CVE remediations for the 0.2 series.
Read moreBy zhaojiew10 | 2026.05.17
A community walkthrough covering the full deployment of Cube Sandbox on an AWS EC2 nested-virtualization instance (c8i.2xlarge) — environment setup, three required patches (Cubelet, CubeShim, and Guest image), service bring-up, template creation, and sandbox creation via the E2B-compatible SDK. Note: original article is in Simplified Chinese.
Read moreBy Cube Sandbox Team | 2026.05.15
We are launching a blog to share release notes, technical deep-dives, and community stories around Cube Sandbox.
Read more