1. The AI Agent Infrastructure Market
| AI agents market (2025) | $7–8 billion |
|---|---|
| Projected (2030) | $52–251 billion (33–47% CAGR) |
| GPU-as-a-service (2024) | $3.8 billion, projected $12.3B by 2030 |
| Serverless architecture (2025) | $18.2 billion |
| Key unlock | LLMs can now write and execute code autonomously — they need sandboxed computers to do it in |
The market splits into three categories based on what the platform provides:
- Sandbox-first (AI agent runtimes)
- Purpose-built isolated environments for AI agents to execute code. CPU-focused, sub-second cold starts, SDK-driven. Players: E2B, Daytona, Sprites (Fly.io), Morph Cloud, Blaxel, Cloudflare Sandboxes.
- Compute-first (serverless GPU/CPU)
- General-purpose serverless compute that includes sandbox capabilities. GPU-heavy, broader ML/AI workloads. Players: Modal, RunPod, Together AI, Northflank.
- IDE-first (dev environments)
- Cloud development environments originally built for human developers, now pivoting toward AI agents. Players: GitHub Codespaces, CodeSandbox, Replit, Ona (formerly Gitpod).
Critical trend: Every platform is converging on the same customer — AI agent builders. E2B started with sandboxes, Modal started with GPU compute, Gitpod started with dev environments, Fly.io started with app deployment — and all of them now sell “infrastructure for AI agents.” The question is which abstraction wins.
2. E2B
Open-source platform providing sandboxed Linux virtual machines for AI agents. Built on Firecracker microVMs (the same technology behind AWS Lambda). Each sandbox is a full Linux VM with terminal, filesystem, networking, and code execution — isolated at the hardware level.
| Founded | 2023 (Prague, Czech Republic → San Francisco) |
|---|---|
| Founders | Vasek Mlejnsky (CEO), Tomas Valenta (CTO) |
| Funding | ~$32–35M total (Seed $11.5M Decibel Partners, Series A $21M Insight Partners) |
| Revenue | ~$1.5M (2025, 14-person team) |
| Traction | 88% of Fortune 100 signed up, 500M+ sandboxes started, 2M+ monthly package downloads |
| GitHub | 9.8K+ stars, open source |
| Compliance | SOC 2 |
Key Features
- Firecracker microVM isolation
- Hardware-level virtualization with dedicated kernel per sandbox. Strongest isolation in the market.
- Sub-200ms cold starts
- Pre-warmed VM snapshots enable near-instant sandbox creation. ~125ms typical.
- Template system
- Define environments via Dockerfiles; E2B converts them into snapshotted microVMs (not running containers).
- SDKs
- Python and JavaScript/TypeScript. LLM-agnostic (OpenAI, Anthropic, Mistral, Llama, Groq, etc.).
- Code Interpreter
- Higher-level abstraction for executing code and getting results, including charts/visualizations.
- Docker MCP Catalog
- Access to 200+ tools (GitHub, Browserbase, ElevenLabs) via Docker MCP Gateway.
- BYOC / Self-hosted
- Enterprise tier supports AWS, GCP, Azure, and on-premises deployment.
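The SDK's core loop is: create a sandbox, run code, read the results. Here is a minimal Python sketch of that call pattern. Note that `Sandbox` below is a local stand-in written for illustration (it executes code in-process), not E2B's actual client, whose class and method names may differ:

```python
import contextlib
import io


class Sandbox:
    """Local stand-in for an E2B-style sandbox client (illustration only).

    The real SDK would boot a Firecracker microVM and execute the code
    there; this stub just runs it in-process and captures stdout.
    """

    def run_code(self, code: str) -> str:
        buf = io.StringIO()
        with contextlib.redirect_stdout(buf):
            exec(code, {})  # real sandbox: hardware-isolated, not exec()
        return buf.getvalue()


sandbox = Sandbox()
result = sandbox.run_code("print(sum(range(10)))")
print(result)  # prints 45
```

The real value of the pattern is that the agent's generated code never touches your process: the string goes over the wire, runs in an isolated VM, and only the captured output comes back.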
Pricing
| Plan | Price | Key limits |
|---|---|---|
| Hobby | Free ($100 credit) | 1-hour sessions, 20 concurrent sandboxes |
| Pro | $150/mo | 24-hour sessions, 100 concurrent sandboxes, custom CPU/RAM |
| Enterprise | Custom | BYOC, self-hosted, custom concurrency |
Usage: ~$0.05/hr per vCPU. Per-second billing. RAM included in CPU price.
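At ~$0.05/hr per vCPU with per-second billing, session cost is easy to estimate. A quick sketch (rate taken from above; treat it as approximate):

```python
E2B_VCPU_HOURLY = 0.05  # ~$/vCPU-hour; RAM included in the CPU price

def e2b_cost(vcpus: int, seconds: float) -> float:
    """Estimated cost of one sandbox session, billed per second."""
    return vcpus * E2B_VCPU_HOURLY * seconds / 3600

# A 2-vCPU sandbox running for 90 seconds:
print(round(e2b_cost(2, 90), 4))  # → 0.0025
```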
Customers
Perplexity, Hugging Face, Manus, Groq, Lindy.
Strengths & Weaknesses
- + Strongest isolation (Firecracker). Best SDK/DX. Open source. Broad LLM framework support. BYOC.
- − No GPU support. Ephemeral by default (limited persistence). Max 24-hour sessions. Revenue modest for funding level ($1.5M on $35M raised).
3. Modal
Serverless cloud compute platform purpose-built for AI/ML workloads. The core abstraction: decorate a Python function with @app.function() and it executes remotely with the specified resources. Handles container orchestration, GPU scheduling, auto-scaling, and scale-to-zero — all defined in Python, zero YAML.
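The decorator pattern can be sketched as follows. This is a local toy that mimics the shape of Modal's API (a registry of functions with resource specs, plus a .remote() call), not the modal library itself; the real decorator's parameters and behavior differ:

```python
import functools


class App:
    """Toy stand-in for a Modal-style App: registers functions with resource specs."""

    def __init__(self, name: str):
        self.name = name
        self.registry = {}

    def function(self, cpu: float = 1.0, memory: int = 256):
        def decorator(fn):
            self.registry[fn.__name__] = {"cpu": cpu, "memory": memory}

            @functools.wraps(fn)
            def wrapper(*args, **kwargs):
                return fn(*args, **kwargs)

            # In Modal, .remote() ships the call to a container in the cloud;
            # here it just runs locally.
            wrapper.remote = wrapper
            return wrapper
        return decorator


app = App("demo")

@app.function(cpu=2.0, memory=1024)
def square(x: int) -> int:
    return x * x

print(square.remote(7))        # → 49
print(app.registry["square"])  # → {'cpu': 2.0, 'memory': 1024}
```

The point of the design: resource requirements live next to the code as plain Python arguments, so there is no separate deployment manifest to keep in sync.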
| Founded | 2021 (New York City) |
|---|---|
| Founders | Erik Bernhardsson (CEO, ex-Spotify/Better.com), Akshat Bubna (CTO) |
| Funding | $111M total (Series B $87M at $1.1B valuation, led by Lux Capital) |
| Revenue | ~$50M ARR (Feb 2026) |
| Valuation | $1.1B (Series B); in talks for Series C at ~$2.5B (General Catalyst) |
| Isolation | gVisor (Google’s user-space kernel). First to run gVisor with GPU passthrough. |
Five Product Lines
- Inference
- Deploy and scale LLM/audio/image/video models with sub-second cold starts.
- Training
- Fine-tune models on single or multi-node GPU clusters.
- Sandboxes
- Secure ephemeral environments for untrusted code execution. Used by Cognition (Devin).
- Batch
- Scale to thousands of containers for batch processing.
- Notebooks
- Collaborative code environments with GPU access.
Pricing
| Plan | Price | Key limits |
|---|---|---|
| Starter | Free ($30/mo credit) | 100 max containers, 10 GPU concurrency, 3 seats |
| Team | $250/mo ($100 credit) | 1,000 containers, 50 GPU concurrency, unlimited seats |
| Enterprise | Custom | HIPAA, SSO, audit logs, volume discounts |
GPU pricing (per-second):
| GPU | $/hour (approx.) |
|---|---|
| NVIDIA T4 | $0.59 |
| NVIDIA L4 | $0.80 |
| NVIDIA A10G | $1.10 |
| NVIDIA A100 (40GB) | $2.10 |
| NVIDIA A100 (80GB) | $2.50 |
| NVIDIA H100 | $3.95 |
| NVIDIA H200 | $4.54 |
| NVIDIA B200 | $6.25 |
CPU: $0.047/core/hr. Sandbox/notebook CPU is 3x standard. Regional multipliers apply (1.25x US/EU, up to 2.5x other).
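Those modifiers stack, so quoted base rates can understate real cost. A sketch of the arithmetic (rates and multipliers from above; approximate):

```python
MODAL_CPU_HOURLY = 0.047  # base $/core-hour

def modal_cpu_cost(cores: float, hours: float,
                   sandbox: bool = False, region_mult: float = 1.0) -> float:
    """Estimated Modal CPU cost: sandboxes bill at 3x, regions add a multiplier."""
    rate = MODAL_CPU_HOURLY * (3.0 if sandbox else 1.0) * region_mult
    return cores * hours * rate

# Plain compute, 2 cores for 10 hours:
print(round(modal_cpu_cost(2, 10), 3))  # → 0.94
# The same workload as a sandbox in a 1.25x region:
print(round(modal_cpu_cost(2, 10, sandbox=True, region_mult=1.25), 3))  # → 3.525
```

Note the sandbox-in-a-multiplied-region case costs 3.75x the base quote — worth modeling before committing to a workload shape.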
Customers
Cognition AI (Devin), Suno, Lovable, Scale AI, Quora, Ramp, Harvey AI, Meta, Mistral AI.
Strengths & Weaknesses
- + GPU support (T4 through B200). $50M ARR — real revenue. Sub-second cold starts. Python-native DX. gVisor + GPU is unique.
- − Python-only (alpha JS/Go SDKs). No BYOC. Sandbox pricing is 3x standard compute. Not open source. Regional multipliers can surprise.
4. Daytona
Secure, elastic infrastructure for running AI-generated code. Originally an open-source Cloud Development Environment manager (launched March 2024), pivoted to AI agent infrastructure in February 2025. CEO Ivan Burazin: “Developers aren’t the only ones writing code anymore — agents are now writing and executing code independently.”
| Founded | 2023 (New York City) |
|---|---|
| Founders | Ivan Burazin (CEO, ex-Codeanywhere), Vedran Jukic, Goran |
| Funding | $31M total (Seed $5M Upfront Ventures, Series A $24M FirstMark Capital) |
| Revenue | $1M ARR in 60 days post-launch (July 2025); doubled within 6 weeks |
| GitHub | ~59,700 stars (largest in the space), open source |
| Strategic investors | Datadog, Figma Ventures |
Key Features
- Fastest cold starts
- 27ms spin-up, sub-90ms end-to-end sandbox creation. Industry-leading.
- Stateful by default
- Sandboxes persist filesystem, env vars, installed packages across interactions. Unlike E2B’s ephemeral model.
- Docker-native
- Uses standard Docker/OCI images. No proprietary formats.
- Multi-language SDKs
- Python, TypeScript, Go, Ruby. Broadest SDK coverage in the space.
- Sandbox lifecycle management
- Auto-stop, auto-archive, auto-delete. Per-second billing with millisecond precision.
- MCP Server
- Native Model Context Protocol integration for Claude, Cursor, Windsurf.
Pricing
| Aspect | Detail |
|---|---|
| Free credits | $200, no credit card required |
| Startup credits | Up to $50,000 (application-based) |
| Small sandbox (1 vCPU, 1 GiB) | ~$0.067/hr while running |
| Stopped sandboxes | Storage costs only |
| Archived sandboxes | Even lower storage rates |
| Bandwidth | Included, no hidden fees |
Customers
LangChain, Turing, Writer, SambaNova. From YC startups to Fortune 100.
Strengths & Weaknesses
- + Fastest cold starts (27ms). Stateful by default. Docker-native. 4 SDK languages. Largest OSS community (59.7K stars). Generous free credits ($200).
- − Docker isolation is weaker than Firecracker (kernel shared). No GPU support. Pivoted recently (Feb 2025) — still proving the new positioning. Had ~$300K ARR from CDE business that was abandoned.
5. Fly.io / Sprites
sprites.dev (by Fly.io)
Fly.io is a global infrastructure platform deploying apps as Firecracker microVMs across 35+ regions. In January 2026, they launched Sprites — purpose-built stateful sandboxes for AI coding agents.
Sprites Key Features
- Persistent state
- 100GB NVMe filesystem included. State persists across sessions indefinitely.
- Checkpoint/restore
- Save and resume sandbox state in ~300ms.
- Zero idle cost
- No charge when sandbox is inactive. Only pay when actually computing.
- Firecracker isolation
- Same hardware-level microVM isolation as E2B, but with Fly.io’s 35+ region network.
Pricing
| Resource | Price |
|---|---|
| CPU | $0.07/CPU-hour |
| Memory | $0.04375/GB-hour |
| Idle | Free (no charge) |
| Storage | 100GB NVMe included |
A 4-hour Claude Code session costs ~$0.44.
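That figure follows from the rates above. A sketch assuming a 1-CPU, 1 GB sandbox actively computing for the full 4 hours — which gives ~$0.46; real sessions idle part of the time, and idle is free, so they land a bit lower (hence the quoted ~$0.44):

```python
CPU_HOURLY = 0.07     # $/CPU-hour
MEM_HOURLY = 0.04375  # $/GB-hour

def sprite_cost(cpus: float, mem_gb: float, active_hours: float) -> float:
    """Estimated Sprites session cost; only active hours are billed."""
    return active_hours * (cpus * CPU_HOURLY + mem_gb * MEM_HOURLY)

# 1 CPU, 1 GB, 4 active hours:
print(round(sprite_cost(1, 1, 4), 3))  # → 0.455
```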
Strengths & Weaknesses
- + True persistence (100GB NVMe). Zero idle cost. Firecracker isolation. Fly.io’s global network. Very cheap.
- − Brand new (Jan 2026). Slower initial creation (1–12s) than E2B/Daytona. No GPU. No SDK yet (API-only). Fly.io is an app deployment company — sandboxes are a side product.
6. Adjacent Platforms
Northflank
- What it does
- Full-stack deployment platform with AI sandbox capabilities. Ranked #1 AI sandbox platform in multiple 2026 rankings.
- Isolation
- Kata Containers + gVisor. BYOC deployment (AWS, GCP, Azure, Oracle, bare-metal). Your data never leaves your VPC.
- Pricing
- CPU at $0.017/vCPU-hour (~65% cheaper than Modal). H100 GPU at $2.74/hr. 2M+ isolated workloads/month.
- Key differentiator
- BYOC with multiple isolation options, any OCI image, unlimited session duration, cheapest CPU pricing.
Morph Cloud
- What it does
- AI agent infrastructure with “Infinibranch” technology — snapshot, branch, and restore entire VM states in under 250ms.
- Key differentiator
- Environment branching: fork entire VM states to explore parallel execution paths. Uniquely powerful for agents trying multiple approaches simultaneously.
- Pricing
- Free account available. Browser environments at $0.07/browser-hour (up to 1,024 concurrent).
Blaxel
- What it does
- “Perpetual sandbox platform” with 25ms resume times. $7.3M seed from First Round Capital.
- Key differentiator
- Sub-cold-start resume (25ms). Scale-to-zero billing. Claims 50–80% cost reduction vs traditional serverless for bursty agent workloads.
- Pricing
- $200 free credits. Scale-to-zero billing (details not fully public).
Together AI Code Sandbox
- What it does
- Code execution environments bundled with Together’s inference API. Hot-swappable VMs (2–64 vCPUs).
- Key differentiator
- Unique bundle of model inference + code execution. Seamless “think then execute” workflows.
- Pricing
- $0.045/vCPU-hour + $0.015/GiB RAM/hour. 500ms snapshot resume. Cold start 2.7s (slower than E2B/Daytona).
Cloudflare Sandboxes
- What it does
- Browser isolate technology + Durable Objects for persistent, stateful AI agents.
- Key differentiator
- Millions of concurrent agents possible. Hibernate when idle, cost nothing when inactive. Cloudflare’s global edge network.
- Pricing
- ~$0.05/hour per 1 vCPU.
7. GPU Compute
These platforms sell raw GPU compute, not sandboxes. Relevant because many AI agent workloads need GPUs for inference, and some (Modal, Together) are expanding into sandboxes.
RunPod
- What it does
- GPU cloud with on-demand and spot instances. Per-second billing. 60–80% cheaper than AWS for comparable GPUs.
- Pricing
- From $0.17/hr (low-end) to $3.99/hr (H200 SXM). Serverless endpoints with sub-200ms FlashBoot cold starts. No egress fees.
- Trade-off
- Cheapest GPUs in the market, but no sandbox isolation, no code execution environments, no agent-specific features. Raw compute only.
GPU Pricing Comparison
| GPU | Modal | RunPod | Northflank |
|---|---|---|---|
| H100 | $3.95/hr | $2.49/hr | $2.74/hr |
| A100 (80GB) | $2.50/hr | $1.64/hr | — |
| A10G | $1.10/hr | $0.28/hr | — |
| T4 | $0.59/hr | $0.17/hr | — |
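For sustained workloads the hourly gaps compound quickly. A sketch comparing a month of continuous H100 time at the rates in the table above:

```python
H100_HOURLY = {"Modal": 3.95, "RunPod": 2.49, "Northflank": 2.74}

HOURS_PER_MONTH = 730  # average hours in a month

monthly = {p: round(rate * HOURS_PER_MONTH, 2) for p, rate in H100_HOURLY.items()}
print(monthly)
# Modal ≈ $2,883.50/mo vs RunPod ≈ $1,817.70/mo — roughly a $1,066/mo spread
# per GPU, before any agent-platform features are factored in.
```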
8. Dev Environments (Pivoting to AI)
These platforms were built for human developers. All are pivoting toward AI agents, with varying degrees of success.
GitHub Codespaces
- What it does
- Cloud VS Code environments on Azure VMs with deep GitHub integration.
- Pricing
- Free monthly quota. Compute: $0.18/hr (2-core) to $2.88/hr (32-core).
- AI agent support
- Not purpose-built. Lacks sub-200ms cold starts and programmatic SDK for agent workflows.
CodeSandbox
- What it does
- Browser-based cloud dev environments with microVMs and real-time collaboration.
- Pricing
- Free (40 hrs/mo). Pro: $9/mo. SDK available separately for programmatic access.
- AI agent support
- SDK offers programmatic VM creation, but optimized for web dev, not AI agent code execution at scale.
Replit
- What it does
- Cloud IDE with AI Agent 3 that autonomously writes, tests, and deploys code (up to 200 minutes continuously).
- Pricing
- Free (limited). Core: $25/mo. Their AI Agent Code Execution API is a prototype (100ms response, omegajail sandbox).
- AI agent support
- Consumer-facing AI agent, not infrastructure-as-a-service. Snapshot engine not exposed as a general-purpose API.
Ona (formerly Gitpod)
- What it does
- Rebranded September 2025 from cloud dev environments to “mission control for AI software engineers” — orchestrating AI agents across the full SDLC.
- Pricing
- Core plan with 80+ Ona Compute Units/month. Additional OCUs at $10 per 40 units. Enterprise: custom.
- Key difference
- Higher-level orchestration (planning, coding, testing, deployment) rather than raw sandbox API.
9. Competitive Comparison Table
| Platform | Cold Start | Isolation | GPU | Persistence | BYOC | CPU $/hr | Open Source |
|---|---|---|---|---|---|---|---|
| E2B | ~125ms | Firecracker microVM | No | Ephemeral (max 24h) | Yes (Enterprise) | $0.05 | Yes |
| Modal | Sub-second | gVisor | Yes (T4–B200) | Ephemeral | No | $0.047 | No |
| Daytona | 27–90ms | Docker containers | No | Stateful (indefinite) | No | $0.067 | Yes |
| Sprites (Fly.io) | 1–12s / 300ms restore | Firecracker microVM | No | Persistent (100GB NVMe) | No | $0.07 | No |
| Northflank | Fast | Kata + gVisor | Yes (H100) | Unlimited | Yes | $0.017 | No |
| Morph Cloud | <250ms branch | microVM | No | Branching/snapshotting | No | ~$0.07 | No |
| Blaxel | 25ms resume | Proprietary | No | Perpetual | Unknown | Unknown | No |
| Together Sandbox | 2.7s / 500ms resume | VM | Yes | Hot-swappable | No | $0.045 | No |
| Cloudflare | Fast | Browser isolate | No | Durable Objects | No | ~$0.05 | No |
| RunPod | Sub-200ms | None (raw GPU) | Yes (T4–H200) | Persistent volumes | No | N/A | No |
10. Isolation Models Explained
The fundamental trade-off in this market is speed vs. security: the lighter the isolation layer, the faster it starts and the more it shares with the host kernel. This matters because AI agents execute untrusted, machine-generated code.
| Model | How it works | Speed | Security | Used by |
|---|---|---|---|---|
| Firecracker microVM | Lightweight VM with dedicated kernel. Hardware-level isolation via KVM. <5MB RAM overhead. | ~125ms | Strongest (VM-level) | E2B, Sprites, AWS Lambda |
| gVisor | User-space kernel that intercepts syscalls. Acts as guest kernel without full VM. | Sub-second | Strong (syscall filtering) | Modal, Northflank |
| Kata Containers | Lightweight VMs that look like containers. OCI-compatible. | Fast | Strong (VM-level) | Northflank |
| Docker containers | Linux namespaces + cgroups. Shared kernel with host. | 27–90ms | Weaker (kernel shared) | Daytona |
| Browser isolate | V8 isolates running in isolated browser contexts. | Very fast | Good (V8 sandbox) | Cloudflare |
Bottom line: if you’re running untrusted code from the internet, use Firecracker or gVisor. If you control the code and need maximum speed, use Docker containers. If you only need JavaScript, use browser isolates.
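That decision logic can be encoded directly. A toy helper mirroring the guidance above (categories deliberately simplified; a real selection would also weigh GPU needs, persistence, and compliance):

```python
def pick_isolation(untrusted_code: bool, js_only: bool = False,
                   speed_critical: bool = False) -> str:
    """Toy chooser reflecting the bottom-line guidance above."""
    if js_only:
        return "browser isolate"                 # V8 sandbox suffices for pure JS
    if untrusted_code:
        return "Firecracker microVM or gVisor"   # strongest boundaries
    if speed_critical:
        return "Docker containers"               # fastest, but shared kernel
    return "Docker containers"                   # trusted code: speed wins

print(pick_isolation(untrusted_code=True))  # → Firecracker microVM or gVisor
```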
11. How to Compete as a Bootstrapper
The Hard Truth
This is a terrible market for bootstrappers. The reasons:
- Infrastructure is capital-intensive. Running thousands of VMs across multiple regions requires significant compute spending. E2B has raised $35M, Modal $111M, Daytona $31M. You are competing against companies that burn millions on infrastructure before seeing revenue.
- The race to the bottom is already happening. CPU pricing ranges from $0.017/hr (Northflank) to $0.07/hr (Sprites). Margins are thin. Volume is everything.
- Every platform is converging. E2B, Modal, Daytona, Fly.io, Cloudflare, Together AI, Vercel — everyone is adding AI sandbox features. You’d be entering a market where well-funded players are all attacking the same opportunity simultaneously.
- The technology is hard. Building a microVM orchestration layer with sub-200ms cold starts, per-second billing, multi-region failover, and SOC 2 compliance is not a weekend project.
Where a Bootstrapper Could Win
Strategy 1: Self-Hosted Sandbox Orchestrator
Every enterprise is terrified of sending their code and data to third-party sandbox providers. Build an open-source, self-hosted sandbox orchestrator that enterprises deploy in their own cloud. Think “Daytona but fully self-hosted with a management UI.” Charge for support, enterprise features (SSO, audit logs, RBAC), and a management dashboard. The open-source microsandbox project and Google’s Agent Sandbox (Kubernetes controller) show this is possible. Price at $500–$2,000/mo for enterprise support.
Strategy 2: Vertical Sandbox-as-a-Service
Instead of a general-purpose sandbox, build for one specific use case with deep integration. Examples: sandboxes pre-configured for data science (Jupyter, pandas, matplotlib pre-installed, dataset mounting), sandboxes for web scraping agents (headless Chrome, proxy rotation, anti-detection built in), or sandboxes for CI/CD pipelines (pre-built with common build tools, artifact caching). Price at $200–$500/mo.
Strategy 3: Sandbox Monitoring & Observability
Nobody is solving observability for AI agent sandboxes. When an agent spawns 100 sandboxes, runs code in each, and 3 of them fail silently — how do you debug that? Build a monitoring tool (not a sandbox provider) that integrates with E2B, Daytona, and Modal to provide agent execution traces, cost tracking per agent run, error detection, and sandbox lifecycle analytics. Sell to the same companies already using sandbox providers. Price at $99–$499/mo.
Strategy 4: Agent Testing Infrastructure
AI agents need to be tested before production. Build a testing platform specifically for AI agent developers: deterministic sandbox replay (record and replay agent sessions), regression testing (did the agent produce the same output?), performance benchmarking (sandbox cold start times, execution costs), and safety testing (did the agent try to escape the sandbox?). Price at $149–$499/mo.
What NOT to Do
- Don’t build another sandbox provider. E2B, Daytona, Modal, Sprites, Northflank, Blaxel, Morph Cloud, Together, Cloudflare, and Vercel are all doing this. The market does not need another one.
- Don’t compete on price. Northflank is at $0.017/vCPU-hour. You cannot win a price war against VC-funded infrastructure companies.
- Don’t compete on cold starts. Daytona is at 27ms. Blaxel is at 25ms resume. This is a hardware/engineering arms race you cannot fund as a bootstrapper.
- Don’t underestimate compliance. Enterprise buyers need SOC 2, HIPAA, GDPR. Achieving compliance costs $50K–$100K+ and months of work.
The Bootstrap Verdict
The AI agent sandbox market is real and enormous, but it’s an infrastructure play that structurally favors VC-backed companies with deep pockets. The capital requirements (compute, compliance, multi-region), the convergence pressure (everyone adding sandboxes), and the thin margins (commoditized compute pricing) make this a market where bootstrappers should build around the sandbox providers, not compete with them.
Best bet: Sandbox observability/monitoring, or agent testing infrastructure. Both are picks-and-shovels plays that grow with the sandbox market without requiring you to run the infrastructure yourself. Both have clear buyers (the same teams already paying E2B and Modal), and both are wide-open niches that no established player is focused on.