* [IronCurtain v0.11.0](https://github.com/provos/ironcurtain) – Secure runtime for autonomous AI agents enforcing plain-English constitutions compiled into deterministic policies.

* [vm2 v3.11.5](https://github.com/patriksimek/vm2) – Sandbox for running untrusted code with controlled access to Node.js built-in modules and secure context isolation.

* [vArmor v0.10.2](https://github.com/bytedance/vArmor) – Cloud-native container sandbox using AppArmor, BPF LSM, and Seccomp to harden containers and reduce kernel attack surface.

* [BoxLite v0.9.5](https://github.com/boxlite-ai/boxlite) – Lightweight VM substrate for running persistent, OCI-compatible container workspaces with hardware isolation and async-first APIs.

* [Fence v0.1.60](https://github.com/fencesandbox/fence) – Lightweight, container-free sandbox for running commands with network and filesystem restrictions.

* [gVisor release-20260525.0](https://github.com/google/gvisor) – Application kernel providing strong isolation between applications and the host operating system.

* [Fence v0.1.58](https://github.com/Use-Tusk/fence) – Lightweight, container-free sandbox for running commands with network and filesystem restrictions.

* [K8E v1.35.5-20260603-rc1...](https://github.com/xiaods/k8e) – Lightweight CNCF-conformant Kubernetes distribution optimized for rapid deployment, enterprise high-availability, and secure AI agent sandboxing.