Google introduced Agent Sandbox, a Kubernetes primitive debuting at KubeCon NA 2025 that isolates and scales AI agent workloads using kernel-level separation built on gVisor (with support for Kata Containers).

The Agent Sandbox on GKE uses pre-warmed pools to deliver sub-second startup latency, up to a 90% improvement over cold starts, and limits network access while scheduling thousands of sandboxes in parallel. 

Google further said Pod Snapshots is a new GKE-exclusive feature that checkpoints and restores running pods for CPU and GPU workloads, cutting pod start times from minutes to seconds and reducing idle compute waste when paired with Agent Sandbox.

Google is building Agent Sandbox as a CNCF project, available in open source and deployable on GKE today, with Pod Snapshots in limited preview and broader availability later this year. For setup details, Google published installation and quick-start documentation for Agent Sandbox on GKE.