OpenAI updated Agents SDK: built-in sandbox and native harness for long-lived agents

OpenAI has updated the Agents SDK, adding native execution in an isolated environment (sandbox execution) and a model-native harness — an architectural layer tightly integrated with the capabilities of a specific model. This enables developers to build long-lived agents that safely work with files, tools, and external systems. Before this update, developing agents based on OpenAI required independent implementation of isolation mechanisms and state management.

The SDK provided tools for function calls and working with threads, but complex scenarios — an agent that reads and modifies files, runs code, accesses external APIs, and does not create security threats — required significant engineering effort from the team. Sandbox execution is the key innovation. An agent can now execute arbitrary code in an isolated environment without direct access to the host system.

This removes one of the main barriers to production deployment of agents: the concern that the model will do something destructive to the file system or network. Isolation is built into the SDK level, rather than being an external add-on that each team assembles anew. Model-native harness is a layer that understands model capabilities and uses them directly.

Instead of wrapping the model in a universal interface, the harness adapts to how the model actually works with tasks, tools, and context. Essentially, this is an attempt to bridge the gap between what the model was trained to do and how the developer applies it. In practice, this means agents will be able to work more robustly and for longer.

Currently, most agent systems are limited to a few steps: the context window fills up, threads are lost, errors accumulate. The new SDK architecture is designed for tasks that take minutes or hours — processing large code bases, automating workflows with multiple tools, research agents that need to iteratively work with documents. The update fits into OpenAI's broader strategy of turning agent capabilities into a production standard.

Previously, the company introduced Operator and Computer Use — tools for controlling browsers and operating systems. Agents SDK is the answer for developers who need a programmable, embeddable agent engine for their own product, not a ready-made UX solution. For the developer community, this is a signal of maturity in OpenAI's agent ecosystem.

The emergence of native sandbox means the company views security not as an optional component, but as part of the SDK's basic infrastructure. This is important: many corporate clients delayed agent deployment specifically due to security concerns and unpredictable model behavior in production. How this will affect competitors is an open question.

Anthropic is developing similar functionality through its own Agent SDK, Google is advancing Agent Space based on Vertex AI. But OpenAI has an advantage in the number of developers already working with its API: each SDK improvement immediately gets a wide audience of early adopters.