
Google unveils GKE Agent Sandbox and Hypercluster at Cloud Next '26

News
Thalia Mercer

5/17/2026, 7:09:20 AM

Google used Cloud Next '26 to introduce two major GKE features aimed at AI builders: GKE Agent Sandbox, which isolates untrusted agent code, and GKE hypercluster, a private GA control plane designed to manage very large accelerator fleets. The company positioned these releases as part of making Kubernetes the operating system for the AI era and said GKE now powers AI workloads for all of its top 50 customers, including the largest frontier model builders.

GKE Agent Sandbox provides kernel-level isolation using gVisor and emerged from the Kubernetes SIG Apps work first shown at KubeCon North America 2025. Google reports the sandbox can provision about 300 sandboxes per second with sub-second latency, supports warm pools that cut cold starts to under one second, and claims up to 30% better price-performance when running on Axion versus other hyperscale clouds.

The sandbox exposes three new Kubernetes primitives: Sandbox as the core workload resource, SandboxTemplate as a security blueprint, and SandboxClaim as a transactional request resource intended for higher-level frameworks such as ADK or LangChain. Google designed these primitives so any Kubernetes cluster can run Agent Sandbox, not only GKE, reflecting the project's open-source orientation.

Early production use is already visible. Lovable, a platform that supports more than 200,000 new AI-generated projects daily, is running production workloads on Agent Sandbox; co‑founder Fabian Hedin said the sandboxing capabilities let the company scale to hundreds of secure sandboxes per second and handle massive, unpredictable demand. GKE product leads Drew Bradstock and Gari Singh framed the work as part of a broader push to make Kubernetes the agent runtime.

The agent-sandbox space is now a three-way technical competition. Cloudflare has shipped Sandboxes GA using container-based isolation and offers V8 isolate-based Dynamic Workers for lighter workloads, while E2B uses Firecracker microVMs. Alex Gkiouros, a Google Cloud Ambassador and staff architect, noted that GKE Agent Sandbox is currently the only native agent-sandbox offering among the three major hyperscalers, a distinction Google emphasizes through its open-source approach.

GKE hypercluster, released into private GA, targets the opposite scaling problem: fragmented infrastructure and operational overhead. A conformant single GKE control plane can manage up to a million chips distributed across 256,000 nodes and multiple regions, consolidating operations while spanning wide, heterogeneous deployments.

Security for hypercluster relies on Google's Titanium Intelligence Enclave, a hardware-attested, "no-admin-access" model that cryptographically seals proprietary model weights and prompts from platform administrators. Observers caution that a single control plane at this scale raises blast-radius and change-management concerns, making the private GA rollout an appropriate stage for further evaluation and hardening.

Sources

  1. InfoQ AI/ML · 5/7/2026