Isolated microVM sandboxes for AI agents and code execution.
OmniRun runs untrusted code and AI agent workloads inside isolated Firecracker microVMs. Every sandbox boots in under a second with its own Linux kernel -- the same virtualization technology behind AWS Lambda -- so workloads are separated by a hardware boundary, not just a process namespace.
When a sandbox is destroyed, everything inside it is gone. There is no shared state between sandboxes and no path from a sandbox to the host.
AI agents now write and run their own code. Running that code in shared containers or process sandboxes is not a responsible default -- container escapes are well documented, and an agent's code is untrusted by definition. OmniRun gives each agent a disposable virtual machine of its own, so a single API call gets you isolation strong enough to run anything.
We also self-host Claude Managed Agents: Anthropic runs the agent loop and model while every tool call executes in a microVM on your own EU-resident infrastructure, keeping your files and repositories inside your perimeter.
OmniRun is built and operated by A14A B.V. Sandboxes run in Hetzner data centers in Germany, and all data stays in the EU. We follow SOC 2-aligned practices.
Have a question or want to talk through a use case? Email us at hello@omnirun.io.