Perplexity Sandbox API: Secure Code Execution for Agents


Mar 11, 2026


Perplexity’s Sandbox API is designed to let AI agents execute code in isolated environments, reducing the risk of unintended interactions with your systems. It focuses on containerised Python and Bash execution with file and process support, plus pause/resume state for iterative workflows. Used well, it turns “agent tool use” into something you can govern.

Agentic workflows quickly hit a wall when they need to do deterministic work: parse a CSV, run calculations, transform files, or generate a report. You can hand those steps back to your own infrastructure — but then you inherit the security and operational risk.

Perplexity’s Sandbox API is designed to bridge that gap: a controlled environment where agents can run code safely, with isolation and resource boundaries built in.

What is the Sandbox API?

Perplexity describes the Sandbox API as an isolated execution layer for Python and Bash, intended for agent workflows where code execution is required but needs strong containment.

In short: it gives an agent a place to run code without giving it the keys to your production environment.

What’s new / why it matters

If you’re building agents, you’ll recognise the pattern:

  • the model plans a workflow

  • it needs to run code to validate outputs or transform data

  • it needs a safe execution environment to do that reliably

A well-designed sandbox can reduce risk and improve quality. Instead of the model “guessing” the result, it can compute it.

How it’s designed to work

Perplexity’s roadmap describes Sandbox API capabilities that matter for real workflows:

  • Per-sandbox containers for stronger isolation

  • Python and Bash execution

  • Support for file operations and background processes

  • Pause/resume state persistence so longer workflows can proceed iteratively

This is the difference between a toy interpreter and something you can actually build workflows around.

How it fits with the Agent API runtime

Perplexity has also described Sandbox API as a tool that will be available within the Agent API. Practically, that means your agent can:

  • use integrated search to gather information

  • call tools (including your custom tools)

  • delegate deterministic execution to the sandbox when it needs to run code

This is a powerful pattern: reason in the model, compute in the sandbox, act via tools.

Practical workflows to start with

To deploy safely, start with use cases where sandboxing is clearly valuable and the blast radius is small.

1) Data cleaning and transformation

  • parse CSV exports

  • standardise columns

  • generate validated summary tables

2) Reporting and pack generation

  • compute KPIs and variance tables

  • generate chart-ready datasets

  • export a PDF or slide-ready assets (where supported)

3) QA for agent outputs

  • validate calculations

  • run unit checks against expected ranges

  • detect missing fields before outputs go to humans

4) Lightweight automation

  • convert formats (JSON ↔ CSV)

  • create templated artefacts

  • run controlled scripts with strict limits

Safety and governance best practice

Even with isolation, you still need operational guardrails.

A practical checklist:

  • time limits (per execution and per workflow)

  • resource quotas (CPU/memory/file size)

  • network policy (what the sandbox can and can’t reach)

  • approval points for any action that touches production systems

  • logging/traceability (inputs, code executed, outputs, and tool calls)

If you’re using sandboxes to enable automation, treat them as part of your security boundary.
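The time-limit, resource-quota and logging items in the checklist can be enforced by the caller, whatever the sandbox provider does. The sketch below is an added example, not Perplexity's API or Generation Digital's code: a local child process stands in for the sandbox call (the page gives no API details), and the `GuardedRunner` name and every limit value are assumptions. It is POSIX-only and shows the guardrails, not the container isolation itself.

```python
import hashlib, json, resource, subprocess, sys, time

# Constructed quota values; tune per workload.
LIMITS = {
    resource.RLIMIT_CPU: 2,              # CPU seconds
    resource.RLIMIT_AS: 1024 ** 3,       # address space, bytes
    resource.RLIMIT_FSIZE: 1024 ** 2,    # largest file the code may write, bytes
}

def _apply_quotas():
    # Runs in the child just before exec, so the limits bind only the untrusted code.
    for res, cap in LIMITS.items():
        _, hard = resource.getrlimit(res)
        if hard != resource.RLIM_INFINITY:
            cap = min(cap, hard)         # a process cannot raise its own hard limit
        resource.setrlimit(res, (cap, cap))

class GuardedRunner:
    """Hypothetical wrapper: per-execution and per-workflow time limits plus an audit trail."""

    def __init__(self, workflow_budget_s, per_exec_timeout_s, audit_log):
        self.deadline = time.monotonic() + workflow_budget_s
        self.per_exec = per_exec_timeout_s
        self.audit_log = audit_log       # a list standing in for an append-only log sink

    def run(self, code, stdin_data=""):
        record = {
            "code": code,
            "code_sha256": hashlib.sha256(code.encode()).hexdigest(),
            "input_sha256": hashlib.sha256(stdin_data.encode()).hexdigest(),
        }
        remaining = self.deadline - time.monotonic()
        if remaining <= 0:
            record["status"] = "denied_workflow_budget"   # refuse before executing anything
        else:
            try:
                proc = subprocess.run(
                    [sys.executable, "-I", "-c", code],   # -I: ignore PYTHON* env and user site
                    input=stdin_data, capture_output=True, text=True,
                    timeout=min(self.per_exec, remaining),
                    preexec_fn=_apply_quotas,
                )
                record.update(status="ok" if proc.returncode == 0 else "failed",
                              returncode=proc.returncode,
                              stdout=proc.stdout[:4096], stderr=proc.stderr[:4096])
            except subprocess.TimeoutExpired:
                record["status"] = "timeout"              # subprocess.run kills the child first
        self.audit_log.append(json.dumps(record, sort_keys=True))
        return record
```

Every call, including refused and timed-out ones, leaves one JSON record, which is what makes the run traceable afterwards.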

Limitations to plan for

Because Sandbox API is described as upcoming/in progress, plan for staged availability and evolving documentation.

Also remember that sandboxing solves execution risk — not decision risk. You still need policies for what the agent is allowed to attempt.

Where Generation Digital can help

Generation Digital helps organisations move from “agent demos” to governed, repeatable workflows.

We can support:

  • selecting high-value workflows that benefit from sandbox execution

  • designing safe tool boundaries and approval steps

  • building templates so outputs stay consistent across teams

  • integrating sandboxes with your work management and knowledge systems

Summary

Perplexity’s Sandbox API is designed to bring secure, isolated Python and Bash execution into agent workflows — with container isolation, file/process support, and pause/resume state for iterative tasks. Used well, it makes agent systems more reliable while reducing the risks of running code directly on your infrastructure.

Next steps: If you want to explore a safe pilot for agentic workflows (including sandboxed execution), speak with Generation Digital: https://www.gend.co/contact

FAQs

1) What is the Sandbox API?
It’s Perplexity’s planned API for executing Python and Bash in isolated sandbox environments, designed for agentic workflows that need deterministic code execution.

2) How does the Sandbox API enhance AI safety?
By running code in per-sandbox containers with controlled resources, it reduces the chance of unintended interactions with your production systems. It also supports predictable, testable execution for calculations and transformations.

3) Who can benefit from the Sandbox API?
Developers building agentic workflows, and organisations that need stronger controls around tool execution—especially when workflows involve data transformation, reporting, or automated steps.

4) Is Sandbox API available inside Agent API?
Perplexity has indicated Sandbox API will be available as a tool within Agent API so the runtime can delegate deterministic code execution.

5) What should we sandbox vs keep out of the sandbox?
Sandbox deterministic steps (calculations, transformations, validations). Keep high-impact actions (payments, permissions changes, production writes) behind explicit tools and human approvals.



Generation
Digital

Canadian Office
33 Queen St,
Toronto
M5H 2N2
Canada

Canadian Office
1 University Ave,
Toronto,
ON M5J 1T1,
Canada

NAMER Office
77 Sands St,
Brooklyn,
NY 11201,
USA

Head Office
Charlemont St, Saint Kevin's, Dublin,
D02 VN88,
Ireland

Middle East Office
6994 Alsharq 3890,
An Narjis,
Riyadh 13343,
Saudi Arabia

UK Fast Growth Index UBS Logo
Financial Times FT 1000 Logo
Febe Growth 100 Logo (Background Removed)

Business Number: 256 9431 77 | Copyright 2026 | Terms and Conditions | Privacy Policy
