OpenAI Unleashes Agents SDK: Enhancing AI Governance with Secure Sandbox Execution

Published 21 hours ago · 5 minute read
Uche Emeka

OpenAI is enhancing its Agents SDK with new capabilities designed to empower enterprise governance teams in deploying automated workflows with controlled risk. Historically, moving AI systems from prototype to production has presented significant architectural compromises. While model-agnostic frameworks offered initial flexibility, they often failed to leverage the full potential of advanced frontier models. Conversely, model-provider SDKs, though closer to the underlying models, frequently lacked sufficient visibility into the control harness. Furthermore, managed agent APIs simplified deployment but severely restricted where systems could operate and how they could access sensitive corporate data.

To address these complexities, OpenAI is introducing a model-native harness and native sandbox execution within its Agents SDK. This updated infrastructure ensures that execution aligns with the natural operating patterns of the underlying models, significantly improving reliability, especially for tasks requiring coordination across diverse systems. These innovations aim to provide developers with standardized infrastructure that streamlines deployment and enhances security.

Oscar Health, a prominent healthcare provider, has already experienced the efficiency gains offered by this new infrastructure. The company successfully tested the system to automate a critical clinical records workflow that previous approaches struggled to handle reliably. Oscar Health's engineering team needed an automated solution that could accurately extract metadata while also precisely identifying the boundaries of patient encounters within extensive and complex medical files. By automating this intricate process, Oscar Health can now parse patient histories more rapidly, leading to expedited care coordination and an improved overall member experience.

Rachael Burns, Staff Engineer & AI Tech Lead at Oscar Health, highlighted the impact: “The updated Agents SDK made it production-viable for us to automate a critical clinical records workflow that previous approaches couldn’t handle reliably enough. For us, the difference was not just extracting the right metadata, but correctly understanding the boundaries of each encounter in long, complex records. As a result, we can more quickly understand what’s happening for each patient in a given visit, helping members with their care needs and improving their experience with us.”

The model-native harness is a key component in optimizing AI workflows. Engineers typically grapple with managing vector database synchronization, mitigating hallucination risks, and optimizing costly compute cycles. Without standardized frameworks, internal teams often resort to constructing fragile, custom connectors. The new model-native harness alleviates this friction by providing configurable memory, sandbox-aware orchestration, and intuitive Codex-like filesystem tools. Developers can integrate standardized primitives, including tool use via MCP, custom instructions via AGENTS.md, and file edits using the apply patch tool. Additionally, progressive disclosure through skills and code execution via the shell tool allows the system to perform complex tasks sequentially. This standardization frees engineering teams from constantly updating core infrastructure, enabling them to concentrate on developing domain-specific logic that directly benefits business objectives.

Integrating an autonomous program into a legacy tech stack demands precise routing, especially when it accesses unstructured data, where the model relies heavily on retrieval systems for context. To manage the integration of diverse architectures and contain operational scope, the SDK introduces a Manifest abstraction. This abstraction standardizes how developers define their workspace, allowing them to mount local files and specify output directories. These environments can be directly connected to major enterprise storage providers such as AWS S3, Azure Blob Storage, Google Cloud Storage, and Cloudflare R2. Establishing a predictable workspace gives the model exact parameters for locating inputs, writing outputs, and maintaining organization during extended operational runs. This predictability is crucial for preventing the system from querying unfiltered data lakes, restricting it instead to specific, validated context. Consequently, data governance teams can track the provenance of every automated decision with greater accuracy, from initial local prototype phases through to production deployment.

Security is further enhanced with the SDK's native support for sandbox execution. This feature offers an out-of-the-box layer, allowing programs to run within controlled computer environments that contain only the necessary files and dependencies. This eliminates the need for engineering teams to manually assemble such an execution layer. Organizations can deploy their own custom sandboxes or leverage built-in support for providers like Blaxel, Cloudflare, Daytona, E2B, Modal, Runloop, and Vercel.

Risk mitigation is paramount for any enterprise implementing autonomous code execution. Security teams must operate under the assumption that any system reading external data or executing generated code is vulnerable to prompt-injection attacks and exfiltration attempts. OpenAI addresses this by implementing a fundamental security separation between the control harness and the compute layer. This critical separation ensures that credentials remain entirely isolated, never entering the environments where model-generated code executes. By isolating the execution layer, a malicious injected command is prevented from accessing the central control plane or stealing primary API keys, thus safeguarding the broader corporate network from lateral movement attacks.

This architectural separation also provides significant benefits in addressing compute cost issues stemming from system failures. Long-running tasks frequently fail midway due to factors like network timeouts, container crashes, or API limits. In a scenario where a complex agent tasked with compiling a financial report fails at step nineteen of a twenty-step process, re-running the entire sequence incurs substantial and expensive computing resource costs. However, under the new architecture, if the environment crashes, losing the sandbox container does not equate to losing the entire operational run. Because the system state is externalized, the SDK utilizes built-in snapshotting and rehydration capabilities. This infrastructure can restore the state within a fresh container and seamlessly resume execution precisely from the last checkpoint if the original environment expires or fails. Preventing the necessity to restart expensive, long-running processes directly translates to reduced cloud compute spend.
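The two properties described in the preceding paragraphs, credentials that stay in the control harness and never reach the process running model-generated code, and run state that is externalized so a lost container can be replaced without restarting from step one, can be shown in miniature without the SDK. The following is an added toy example, not OpenAI Agents SDK code and not any of the named sandbox providers' APIs; `run_in_sandbox`, `run_workflow`, the `STEPS` list and the placeholder key are all constructed here. The "sandbox" is just a child process started with a scrubbed environment, and "losing the container" is simulated by raising an exception before a step.

```python
"""Toy harness/compute separation with externalized, resumable state (added example)."""
import json
import os
import subprocess
import sys
import tempfile
from pathlib import Path
from typing import Optional

# Constructed placeholder credential. It lives in the harness process only and must
# never be visible to the process that executes model-generated code.
HARNESS_SECRETS = {"MODEL_API_KEY": "sk-CONSTRUCTED-PLACEHOLDER"}


class SandboxLost(RuntimeError):
    """Raised when the sandbox container disappears mid-run (simulated below)."""


def run_in_sandbox(step_code: str, state: dict) -> dict:
    """Run one model-generated step in a child process with a scrubbed environment.

    State goes in as JSON on stdin and the updated state comes back on stdout, so the
    only channel between sandbox and harness is this explicit, inspectable contract.
    """
    clean_env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin")}
    assert "MODEL_API_KEY" not in clean_env  # the credential never crosses the boundary
    proc = subprocess.run(
        [sys.executable, "-c", step_code],
        input=json.dumps(state),
        capture_output=True,
        text=True,
        env=clean_env,
        timeout=10,
    )
    if proc.returncode != 0:
        raise RuntimeError(f"sandbox step failed: {proc.stderr.strip()}")
    return json.loads(proc.stdout)


# Constructed "model-generated" steps: each reads state from stdin, prints new state.
# The last step reports what it can see of the harness credential (should be nothing).
STEPS = [
    ("load_records", "import json,sys; s=json.load(sys.stdin); s['records']=[3,5,8]; "
                     "s['done'].append('load_records'); print(json.dumps(s))"),
    ("sum_records", "import json,sys; s=json.load(sys.stdin); s['total']=sum(s['records']); "
                    "s['done'].append('sum_records'); print(json.dumps(s))"),
    ("check_env_isolation", "import json,os,sys; s=json.load(sys.stdin); "
                            "s['visible_key']=os.environ.get('MODEL_API_KEY'); "
                            "s['done'].append('check_env_isolation'); print(json.dumps(s))"),
]


def save_checkpoint(path: Path, next_step: int, state: dict) -> None:
    """Persist state outside the container; atomic rename avoids half-written files."""
    tmp = path.with_suffix(".tmp")
    tmp.write_text(json.dumps({"next_step": next_step, "state": state}))
    tmp.replace(path)


def load_checkpoint(path: Path) -> tuple:
    if not path.exists():
        return 0, {"done": []}
    data = json.loads(path.read_text())
    return data["next_step"], data["state"]


def run_workflow(checkpoint: Path, lose_sandbox_before: Optional[int] = None) -> dict:
    """Drive STEPS from the last checkpoint, checkpointing after every completed step."""
    next_step, state = load_checkpoint(checkpoint)
    executed = []
    for i in range(next_step, len(STEPS)):
        name, code = STEPS[i]
        if lose_sandbox_before == i:
            raise SandboxLost(f"container expired before step {i} ({name})")
        state = run_in_sandbox(code, state)
        executed.append(name)
        save_checkpoint(checkpoint, i + 1, state)
    return {"state": state, "executed": executed}


def demo(workdir: Optional[str] = None) -> dict:
    """First run loses the container before step 2; second run resumes from there."""
    # Even if the harness process itself carries the key in its environment, the
    # scrubbed env passed to the child keeps it out of the sandbox.
    os.environ.setdefault("MODEL_API_KEY", HARNESS_SECRETS["MODEL_API_KEY"])
    ckpt = Path(workdir or tempfile.mkdtemp()) / "checkpoint.json"
    ckpt.unlink(missing_ok=True)
    try:
        run_workflow(ckpt, lose_sandbox_before=2)
    except SandboxLost:
        pass
    resumed_from, _ = load_checkpoint(ckpt)
    second = run_workflow(ckpt)  # fresh "container": only the remaining step runs
    return {
        "resumed_from": resumed_from,
        "second_run_executed": second["executed"],
        "done": second["state"]["done"],
        "total": second["state"]["total"],
        "visible_key": second["state"]["visible_key"],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` shows the second invocation executing only `check_env_isolation`, with the earlier steps' results already present from the checkpoint, and `visible_key` coming back as `None` because the child process never received the harness environment. A real sandbox provider adds filesystem and network isolation on top of this; the process boundary here only illustrates the credential and state separation the article describes.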

Scaling these operations is facilitated by dynamic resource allocation. The separated architecture enables runs to invoke single or multiple sandboxes based on current load, route specific subagents into isolated environments, and parallelize tasks across numerous containers for faster execution times. These new capabilities are now generally available to all customers via the API, utilizing standard pricing based on tokens and tool use, without requiring custom procurement contracts. The initial launch provides the new harness and sandbox capabilities for Python developers, with TypeScript support planned for a future release. OpenAI intends to further expand the broader ecosystem by supporting additional sandbox providers and offering more methods for developers to directly integrate the SDK into their existing internal systems, with future capabilities including code mode and subagents for both Python and TypeScript libraries.
