News · Jun 27, 2026 · 6 min read

AWS Lambda MicroVMs: Firecracker Sandboxes Built for AI Agents

AWS has launched Lambda MicroVMs, a serverless primitive that runs AI-generated and user-generated code in isolated, stateful Firecracker sandboxes for up to 8 hours. The release lands squarely in the market that startups like E2B and Daytona were built to serve.

AWS on June 22, 2026 introduced Lambda MicroVMs, a new serverless primitive for running user-generated and AI-generated code inside isolated, stateful execution environments. Built on Firecracker — the same lightweight virtualization technology that already underpins more than 15 trillion Lambda invocations a month — the service gives developers VM-level isolation, near-instant launch and resume, and sessions that can stay alive for up to eight hours, all with no infrastructure to manage.

The launch matters because the "sandbox for AI agents" has quietly become one of the most contested layers of the AI stack. As agents increasingly write and execute their own code, every coding assistant, data-analysis agent, and vulnerability scanner needs somewhere safe to run untrusted output. AWS just shipped that primitive as a first-party building block.

Key Highlights

  • Launched June 22, 2026 as a new AWS Lambda execution mode, powered by Firecracker microVMs.
  • VM-level isolation — each MicroVM runs in a dedicated virtual machine with no shared kernel, so untrusted code cannot reach other sessions or the host.
  • Up to 8 hours of runtime per session, with auto-suspend after a configurable idle period. When suspended, compute charges stop while state is preserved.
  • Resource ceilings of up to 16 vCPUs, 32 GB of memory, and 32 GB of disk per MicroVM.
  • Image-then-launch model with Firecracker snapshots that resume pre-initialized environments instead of cold-booting.

How It Works

Lambda MicroVMs use an "image-then-launch" design. A developer supplies a Dockerfile and a code package as a zip artifact in Amazon S3. Lambda runs the Dockerfile, initializes the application, then takes a Firecracker snapshot of the running environment's memory and disk state. Every subsequent MicroVM launched from that image resumes from the pre-initialized snapshot rather than booting from scratch — which is how AWS delivers near-instant starts even for multi-gigabyte sessions.

Because state survives a suspend-and-resume cycle, a long-running agent task can pause when idle and pick up exactly where it left off, without paying for compute in between. That combination — statefulness plus pay-only-when-running — is the feature AWS is leaning on hardest.
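The snapshot-and-resume cycle described above is the part of the design that does the security and latency work, so it helps to see the underlying mechanism concretely. The script below is an added example, not code from the article or from AWS, and it does not use the Lambda MicroVMs API (which the article does not document). It drives the open-source Firecracker API over its local socket: pause the guest, write a full snapshot of vCPU, device and memory state, and later load that snapshot in a fresh Firecracker process with the VM resumed immediately. The socket path, file paths and the `FC_DRY_RUN` switch (which prints each request instead of sending it, so the sequence can be inspected without a running VM) are assumptions for this demo, and the request bodies follow the upstream Firecracker API documentation; field names such as `mem_backend` versus the older `mem_file_path` vary by Firecracker version.

```shell
#!/bin/sh
# Added example: Firecracker snapshot/restore sequence behind a
# "pause when idle, resume later" sandbox. Not the Lambda MicroVMs API.
# FC_SOCKET, the snapshot paths and FC_DRY_RUN are assumptions for this demo.

FC_SOCKET="${FC_SOCKET:-/tmp/firecracker.socket}"   # assumed socket path
FC_DRY_RUN="${FC_DRY_RUN:-0}"                       # 1 = print requests only

# fc_api METHOD PATH JSON_BODY
# Sends one request to the Firecracker API socket. In dry-run mode it
# prints "METHOD PATH BODY" so callers can check the sequence offline.
fc_api() {
    method="$1"; path="$2"; body="$3"
    if [ "$FC_DRY_RUN" = "1" ]; then
        printf '%s %s %s\n' "$method" "$path" "$body"
        return 0
    fi
    curl --silent --show-error --fail --unix-socket "$FC_SOCKET" \
        -X "$method" "http://localhost$path" \
        -H 'Accept: application/json' -H 'Content-Type: application/json' \
        -d "$body"
}

# Step 1: pause the guest so memory and device state are consistent
# before they are written out.
fc_pause() {
    fc_api PATCH /vm '{"state": "Paused"}'
}

# Step 2: write a full snapshot: vCPU/device state to $1, guest RAM to $2.
fc_snapshot_create() {
    snap="$1"; mem="$2"
    fc_api PUT /snapshot/create \
        "{\"snapshot_type\": \"Full\", \"snapshot_path\": \"$snap\", \"mem_file_path\": \"$mem\"}"
}

# Step 3, run against a NEW Firecracker process before any other
# configuration call: restore from the snapshot and resume at once.
# This is the "resume instead of cold boot" path.
fc_snapshot_load() {
    snap="$1"; mem="$2"
    fc_api PUT /snapshot/load \
        "{\"snapshot_path\": \"$snap\", \"mem_backend\": {\"backend_path\": \"$mem\", \"backend_type\": \"File\"}, \"resume_vm\": true}"
}

# Lifecycle helpers: suspend = pause + snapshot; resume = load with resume_vm.
fc_suspend() { fc_pause && fc_snapshot_create "$1" "$2"; }
fc_resume()  { fc_snapshot_load "$1" "$2"; }

# Usage (dry run, no VM needed):
#   FC_DRY_RUN=1 sh this_script.sh
if [ "${FC_DEMO:-0}" = "1" ]; then
    fc_suspend ./sandbox.snap ./sandbox.mem
    fc_resume  ./sandbox.snap ./sandbox.mem
fi
```

Two practical points follow from the sequence. The memory file is a byte-for-byte dump of guest RAM, so anything the sandboxed code had in memory (tokens, decrypted data, the agent's own context) is now at rest on disk; store it with the same access controls and lifetime policy as a credential, and delete it when the session ends. And because every session resumes from one golden snapshot, the image build step is the place to audit: whatever is in the pre-initialized environment (secrets baked into the Dockerfile, an over-privileged network configuration) is inherited by every session launched from it.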

Built for AI Agents

AWS positions the service for AI coding assistants, interactive code environments, data analytics platforms, vulnerability scanners, and game servers that run user-supplied scripts. The company also published guidance for using MicroVMs as the execution backend for AI agents managed by Anthropic Claude, signaling that agent workloads are a primary target rather than an afterthought.

At launch, Lambda MicroVMs are available on ARM64 (Graviton) in US East (N. Virginia and Ohio), US West (Oregon), Europe (Ireland), and Asia Pacific (Tokyo). Pricing follows a per-second compute model at roughly $0.0000276944 per vCPU-second and $0.0000036667 per GB-second, plus snapshot storage at $0.08 per GB-month and standard data transfer charges.

Impact

The reaction from the sandbox ecosystem was immediate. Render's CEO called Lambda MicroVMs "the first nail in the coffin of every sandbox-only startup" — a reference to companies like E2B and Daytona that built businesses specifically around giving AI agents disposable, isolated environments, many of them running on Firecracker themselves. With AWS shipping the exact primitive those vendors sell, the differentiation pressure on standalone sandbox products just increased sharply.

The skeptics pushed back too. Some engineers argued that "sandbox," like "serverless" before it, is becoming a marketing term, and that cold-start latency and per-vCPU cost make Lambda MicroVMs a poor default for many agent workloads. Northflank, for instance, publishes rates roughly six times cheaper per vCPU than the Lambda MicroVMs list price, and developers running latency-sensitive agent loops noted that Lambda start times can still be too slow for their use cases.

What's Next

For the MENA region, the more interesting question is data residency. Lambda MicroVMs launched in four regions, none of them in the Middle East — so teams in Tunisia or the Gulf weighing the service against self-hosted Firecracker or a sandbox startup will need to factor in where agent-generated code and its data actually execute. Under frameworks like Tunisia's INPDP and Saudi Arabia's PDPL, the location of the execution environment is as much a compliance decision as a performance one.

What is clear is that running untrusted, AI-written code safely has moved from a niche concern to a default requirement of building agents — and the hyperscalers now treat it as core infrastructure rather than a third-party add-on.


Source: AWS