* [vArmor v0.9.2](https://github.com/bytedance/vArmor) – Cloud-native container sandbox using AppArmor, BPF LSM, and Seccomp to harden containers and reduce kernel attack surface.

* [Fence v0.1.35](https://github.com/Use-Tusk/fence) – Lightweight, container-free sandbox for running commands with network and filesystem restrictions.

* [gVisor release-20260309.0](https://github.com/google/gvisor) – Application kernel providing strong isolation between applications and the host operating system.

* [Capsule v0.6.5](https://github.com/mavdol/capsule) – Secure, durable runtime for coordinating AI agent tasks in isolated WebAssembly sandboxes.

* [SandboxJS v0.8.34](https://github.com/nyariv/SandboxJS) – Safe JavaScript execution runtime that parses and runs code in a whitelisted, prototype-aware sandbox.

* [K8E v1.35.1-20260303+k8e...](https://github.com/xiaods/k8e) – Lightweight CNCF-conformant Kubernetes distribution optimized for rapid deployment, enterprise high-availability, and secure AI agent sandboxing.