The article compares two patterns for deploying AI agents in the cloud: directly in sandboxes vs decoupling components. It explains the limitations of the sandbox approach due to cloud failures, and highlights Anthropic's Claude Managed Agent as a solution that decouples session store, agent runtime, and sandbox for resilience.
Deploy agents into the cloud environments diverged into 2 patterns: Deploy agents directly into the sandboxes. Decouple the agents into smaller components and deploy them separately. The first pattern works but the second pattern is more suitable for the cloud environment. Before we dive into the reason for this argument, let’s go through the history a little bit: The starting point of the agent is OpenClaw and Claude Code. This is when the agent can surprise the creator by finishing tasks that were unexpected. From this point, the agents can execute the code written by themselves. They are no longer restricted by the fixed toolset provided by their human creators. For OpenClaw and Claude Code, they choose to use the user’s computer to do everything. They execute the code on the computer. They store the sessions and memory on the disk. Without the user’s computer, they’re dead. This design actually makes a lot of sense, because the user wants a personal assistant. The computer contains all of the working context, so if the computer is down, there is no reason for the personal assistant to exist any more. Now, people want to move their agent from their mac to the cloud. The trivial solution would be deploying them in VM or sandboxes. And it works immediately. However, we forgot that cloud machines can fail. If we simply move a solution that is optimized for local usage to the cloud, we will fail harder. This is because that system is built on the assumption that your computer will almost never fail. How to solve this problem? Anthropic released the Claude Managed Agent as the answer. I read the blog post, and they said the agents need “decoupling”. The agent is decoupled into 3 components: session store, agent runtime & the sandbox. Previously, they were all inside the sandbox. If the sandbox is down, they are all gone. Now, these 3 components are independent services. If the sandbox died, the agent runtime caught the failure as a tool-call error and passed it back to Claude. If Claude decided to retry, a new container could be reinitialized with a standard recipe.
Browser Use describes two patterns for isolating AI agents that execute code: isolating the tool vs isolating the agent. They implemented the agent isolation pattern using Unikraft micro-VMs on AWS, achieving secure, scalable, and disposable sandboxes.
Discusses the challenge of moving AI agents from sandbox to production, highlighting high sensitivity causing noise, and proposes solutions like secondary evaluators, heuristics, and cascading architectures. Asks the community about their approaches to filtering.
Anthropic introduces Managed Agents on the Claude Platform, a hosted service that decouples agent components to improve scalability and reliability for long-horizon tasks.
This post evaluates sandbox platforms for background agents, focusing on requirements like running real workloads, ingress, and cost. It outlines the Deputies sandbox provider interface and key considerations.
A developer built Terrarium, an open-source sandboxing solution for running multiple AI agents securely with isolated worlds, reverse-proxy management, and state rollback.