Sub-millisecond sandboxes for AI agents via copy-on-write forking
S

Sub-millisecond sandboxes for AI agents via copy-on-write forking

Sub-millisecond sandboxes for AI agents via copy-on-write forking

2,386 stars
N/A forks
N/A contributors

README

Project documentation from GitHub

Sub-Millisecond Sandboxes for AI Agents: The Magic of Copy-on-Write Forking

If you've ever tried to run AI agents or untrusted code, you know the pain. Spinning up a new container or VM is slow, heavy, and feels like overkill for a quick task. What if you could isolate code in a sandbox almost instantly? Like, in under a millisecond? That’s what ZeroBoot is exploring, and it’s a fascinating shift in how we think about lightweight isolation.

The core idea comes from a tweet that says it all: "Sub-millisecond sandboxes for AI agents via copy-on-write forking." It’s a clever use of a classic systems programming technique, applied to a modern problem. Instead of launching a whole new OS, you fork a process and leverage the kernel’s copy-on-write memory management to create near-instant, isolated environments. For developers building multi-agent systems, plugin architectures, or secure code execution platforms, this is a potential game-changer.

What It Does

ZeroBoot is a project that implements fast, lightweight sandboxes using copy-on-write (CoW) forking. In simple terms, it starts from a pre-initialized, "frozen" process. When you need a new sandbox, it forks this process. Thanks to CoW, the fork is extremely fast—sub-millisecond—because it doesn’t immediately duplicate memory; it just creates a new process that shares the parent's memory until it tries to write to it. This forked process runs in a tightly restricted environment using Linux namespaces and seccomp-bpf, making it isolated and safe for running single tasks or AI agent operations.

Why It’s Cool

The speed is the obvious headline. Sub-millisecond startup means you can spawn thousands of sandboxes per second without breaking a sweat. This is orders of magnitude faster than even the lightest containers. It makes patterns like function-as-a-service or per-request isolation for AI agents suddenly feel far more practical.

But the real cleverness is in the simplicity. It’s not a complex new runtime or virtualization layer. It’s leveraging the Unix fork() system call, a decades-old primitive, in a targeted way. By combining it with modern Linux security features (namespaces for filesystem, network, and PID isolation, plus seccomp for syscall filtering), it achieves a sweet spot of isolation that’s perfect for many agent-like workloads—where the code is short-lived and you need to limit its access to resources.

Think of use cases like: executing untrusted user-provided code in a SaaS platform, running individual steps in an AI agent workflow in isolation, or creating a secure plugin system. ZeroBoot offers a path to do this without the overhead that typically makes fine-grained isolation impractical.

How to Try It

Ready to see how it feels? The project is on GitHub. You’ll need a Linux system (namespaces and seccomp are Linux-specific). Clone the repo and follow the build instructions to get started.

git clone https://github.com/zerobootdev/zeroboot
cd zeroboot
# Check the README for the latest build and run steps

The repository inclu

Did you like this issue?

Join our weekly newsletter

Love discovering amazing projects?

Help us continue bringing you the best open-source discoveries every week.

Back to Projects
Last updated: Mar 19, 2026