AI News AI资讯 1d ago Updated 1d ago 更新于 1天前 46

Cloud Run sandboxes: Lightweight isolation for AI agents Cloud Run 沙箱:AI 代理的轻量级隔离

Google Cloud announces Cloud Run Sandboxes in public preview, enabling secure execution of untrusted code within existing serverless instances. The feature provides near-instant startup (milliseconds) and zero-cost overhead by sharing CPU/memory with the host service. Security is enforced via credential isolation, deny-by-default network egress, and a read-only filesystem with temporary memory overlays. Native integration is provided for Agent Development Kit (ADK) and ComputeSDK to simplify cod Google Cloud 推出 Cloud Run Sandboxes 公共预览版,允许在现有的 Cloud Run 服务实例中毫秒级启动轻量级隔离执行环境,无需额外付费或复杂的基础设施配置。 该功能专为安全执行不可信代码(如 LLM 生成的脚本、用户提交的插件)设计,默认实施零信任安全策略,包括凭据隔离、默认拒绝出站网络访问以及只读文件系统叠加层。 开发者可通过单一标志启用沙箱启动器,并利用内置的 `sandbox` CLI 二进制文件或新的 Agent Development Kit (ADK) `CloudRunSandboxCodeExecutor` 以极简方式集成代码执行能力。 核心

65
Hot 热度
70
Quality 质量
60
Impact 影响力

Analysis 深度分析

TL;DR

  • Google Cloud announces Cloud Run Sandboxes in public preview, enabling secure execution of untrusted code within existing serverless instances.
  • The feature provides near-instant startup (milliseconds) and zero-cost overhead by sharing CPU/memory with the host service.
  • Security is enforced via credential isolation, deny-by-default network egress, and a read-only filesystem with temporary memory overlays.
  • Native integration is provided for Agent Development Kit (ADK) and ComputeSDK to simplify code interpreter workflows.

Why It Matters

This release significantly lowers the barrier for building secure AI agents by eliminating the need for complex container clusters or expensive third-party microVMs. It allows developers to implement robust code execution environments directly within their current serverless architecture, enhancing both security posture and cost efficiency for LLM-powered applications.

Technical Details

  • Architecture: Lightweight, isolated execution boundaries spawned within existing Cloud Run service instances, avoiding the latency and cost of dedicated VMs.
  • Security Model: Implements zero-trust principles including isolation from environment variables and metadata servers, strict deny-by-default network egress, and a safe filesystem overlay that discards changes post-execution.
  • Performance: Demonstrated ability to start, execute, and stop 1,000 sandboxes with an average latency of 500ms.
  • Developer Experience: Enabled via a single deployment flag, mounting a sandbox CLI binary for programmatic spawning via standard subprocess calls.
  • SDK Integration: Supported in the upcoming Agent Development Kit via CloudRunSandboxCodeExecutor and vendor-agnostic ComputeSDK for remote or local invocation.

Industry Insight

  • Cost Optimization: By leveraging existing serverless resources rather than provisioning separate compute instances, organizations can drastically reduce the operational costs associated with AI code execution features.
  • Security Standardization: The built-in, deny-by-default network and credential isolation sets a new baseline for safe LLM code interpretation, reducing the attack surface for prompt injection and data exfiltration attacks.
  • Agility in Agent Development: Native SDK support accelerates the deployment of autonomous agents capable of dynamic code generation and execution, facilitating faster iteration for data analysis and automation use cases.

TL;DR

  • Google Cloud 推出 Cloud Run Sandboxes 公共预览版,允许在现有的 Cloud Run 服务实例中毫秒级启动轻量级隔离执行环境,无需额外付费或复杂的基础设施配置。
  • 该功能专为安全执行不可信代码(如 LLM 生成的脚本、用户提交的插件)设计,默认实施零信任安全策略,包括凭据隔离、默认拒绝出站网络访问以及只读文件系统叠加层。
  • 开发者可通过单一标志启用沙箱启动器,并利用内置的 sandbox CLI 二进制文件或新的 Agent Development Kit (ADK) CloudRunSandboxCodeExecutor 以极简方式集成代码执行能力。
  • 核心应用场景涵盖 LLM 代码解释器(数据分析)、无头浏览器自动化(网页抓取)以及平台用户自定义代码执行,旨在解决 AI 代理工作负载中的安全风险与资源隔离问题。

为什么值得看

对于正在构建 AI 代理或需要动态执行用户/模型生成代码的开发者而言,Cloud Run Sandboxes 提供了一种原生、低成本且高安全性的解决方案,消除了以往依赖复杂容器集群或昂贵第三方微 VM 运行时的高门槛。它标志着 Serverless 架构向更复杂的 AI 工作负载扩展的重要一步,通过内置的安全边界和无缝的资源复用,显著降低了在云端安全运行不可信代码的工程复杂度与成本。

技术解析

  • 架构与性能:Cloud Run Sandboxes 是 Cloud Run 服务实例内的轻量级隔离边界,共享宿主实例的 CPU 和内存资源,因此不产生额外费用。示例显示,服务可在平均 500ms 延迟下启动、执行并停止 1,000 个沙箱,实现了近实时的响应速度。
  • 安全机制:采用“默认拒绝”的零信任设计。1) 凭据与环境隔离:沙箱无法访问宿主的环境变量或 Google Cloud 元数据服务器;2) 网络出口锁定:默认禁止所有出站网络流量,防止数据泄露,仅当显式请求时才开放;3) 安全文件系统叠加:沙箱以只读模式挂载容器文件系统,所有写入操作重定向到临时内存叠加层,执行结束后自动丢弃,确保无持久化残留。
  • 开发体验与集成:启用仅需在部署时添加一个标志。系统会自动挂载轻量级的 sandbox CLI 二进制文件,应用可通过标准子进程调用编程式生成沙箱。此外,Google 将在下一版 Agent Development Kit (ADK) 中提供 CloudRunSandboxCodeExecutor,并在 ComputeSDK 中增加支持,实现单行代码集成。
  • 适用语言与场景:支持 Python、R、SQL 等语言的动态执行,适用于 LLM 代码解释器进行数据分析和图表生成,也适用于无头浏览器进行网页研究和截图,以及运行用户上传的自定义脚本或 Webhook。

行业启示

  • AI 代理基础设施标准化:随着 AI 代理从简单的问答转向执行复杂任务(如编码、浏览),安全地执行动态代码将成为标配需求。云厂商提供的原生沙箱解决方案将推动“安全代码执行”成为 AI 应用开发的基础设施标准,而非需要单独构建的复杂模块。
  • Serverless 成本的进一步优化:通过复用现有实例资源而非按需启动独立的虚拟机或容器集群,Cloud Run Sandboxes 展示了 Serverless 架构在降低边缘计算和突发负载成本方面的潜力。这促使开发者重新评估在 Serverless 环境中运行重型或高并发 AI 工作负载的经济性。
  • 安全左移与零信任实践:该功能将安全边界内置于运行时,强调了在 AI 应用中“零信任”原则的重要性。开发者无需手动配置复杂的网络策略或权限隔离,而是依靠平台级的默认安全约束,这将加速合规且安全的 AI 应用的规模化部署。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Gemini Gemini Agent Agent Security 安全 Deployment 部署