Sandboxing AI agents, 100x faster

Tags: cloudflare-workers, ai-agents, sandboxing, code-mode, mcp, llm, javascript, infrastructure

Summary

Cloudflare has released Dynamic Worker Loader in open beta, letting Workers spin up fully isolated V8-based sandboxes at runtime in a few milliseconds and a few megabytes of memory: roughly 100x faster and 10x-100x more memory-efficient than containers. The model: the LLM writes JavaScript/TypeScript, a fresh isolate executes it, and the isolate is discarded afterwards. This makes per-request sandboxing economically viable at consumer scale, something containers cannot offer.

Key Insight

  • The core problem with containers for AI agents: hundreds of milliseconds to boot, hundreds of megabytes per instance, forcing warm-pool management and tempting sandbox reuse that erodes security. At one agent per user (or more), this doesn’t scale.
  • The V8 isolate alternative: Dynamic Worker Loader exposes the same isolate mechanism that has powered Workers for eight years. A few ms to start, a few MB of RAM, no per-sandbox concurrency limits, no rate limits on creation. Scales to millions of requests per second where every single request runs a fresh isolated Worker.
  • Token efficiency gain: Cloudflare’s own MCP server exposes the entire Cloudflare API through just 2 tools in under 1,000 tokens by having the LLM write TypeScript against a typed API instead of navigating hundreds of individual tool definitions. They previously demonstrated an 81% token reduction by switching from flat MCP tool calls to Code Mode.
  • TypeScript as the agent API surface: TypeScript interfaces describe APIs far more concisely than OpenAPI specs (the article shows side-by-side: a ChatRoom interface fits in ~15 lines of TypeScript vs. 60+ lines of OpenAPI YAML). LLMs are trained heavily on TypeScript and will generate it reliably.
  • Security architecture: Cloudflare patches V8 security issues to production within hours (faster than Chrome ships), runs a custom second sandbox layer on top of V8's isolation, uses hardware memory protection keys (MPK), and has Spectre mitigations in place. Using Dynamic Workers inherits all of this.
  • Pricing: $0.002 per unique Worker loaded per day (waived during beta), plus standard CPU time and invocation costs. Effectively negligible vs. LLM inference costs.
  • Supporting libraries released alongside:
    • @cloudflare/codemode — wraps DynamicWorkerExecutor for Code Mode use cases
    • @cloudflare/worker-bundler — bundles npm dependencies at runtime so the agent can use third-party libraries inside the sandbox
    • @cloudflare/shell — virtual filesystem (SQLite + R2 backed) with typed state methods to minimise RPC round-trips in agentic file editing
  • Real-world validation: Zite (LLM-generated CRUD apps) reports millions of daily executions and says Dynamic Workers outperformed all benchmarked alternatives on speed and library support.
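To make the TypeScript-as-API-surface point concrete, here is a minimal sketch of the kind of ChatRoom interface the article compares against OpenAPI. The member names and the in-memory implementation are illustrative, not taken from the post; the point is that a few lines of typed interface tell an LLM everything it needs to generate working calls.

```typescript
// Hypothetical ChatRoom interface of the kind the article describes.
interface Message {
  sender: string;
  text: string;
  timestamp: number;
}

interface ChatRoom {
  // Post a message; resolves to the stored message with a server timestamp.
  send(sender: string, text: string): Promise<Message>;
  // Fetch the most recent messages, oldest first.
  history(limit?: number): Promise<Message[]>;
}

// A tiny in-memory implementation so the sketch runs end-to-end.
class InMemoryChatRoom implements ChatRoom {
  private messages: Message[] = [];
  async send(sender: string, text: string): Promise<Message> {
    const msg = { sender, text, timestamp: Date.now() };
    this.messages.push(msg);
    return msg;
  }
  async history(limit = 50): Promise<Message[]> {
    return this.messages.slice(-limit);
  }
}

// The kind of code an LLM would generate against the typed interface:
async function demo(room: ChatRoom): Promise<string[]> {
  await room.send("alice", "hello");
  await room.send("bob", "hi alice");
  return (await room.history()).map((m) => `${m.sender}: ${m.text}`);
}

demo(new InMemoryChatRoom()).then((lines) => console.log(lines.join("\n")));
```

An equivalent OpenAPI description would need paths, operation objects, request/response schemas, and content-type plumbing for each method, which is the token overhead the article's side-by-side comparison highlights.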