Sandboxes were step one. Agents need desktops now.

Sandboxes were step one. Agents need desktops now.

E2B and similar sandbox platforms got something right: let an AI agent run code in an isolated container, get the result, tear it down. Clean, fast, cheap. For running a Python function or processing a CSV, you don't need more than that.

But the work agents do is changing. They browse websites, fill out forms, manipulate documents, run multi-step workflows that stretch over hours. And sandboxes were never built for any of this. They were built for code execution, and they're good at it. The problem is that code execution is becoming a small fraction of what we ask agents to do.

What sandboxes do well

Sandboxes boot in under a second. They cost almost nothing per invocation. They isolate untrusted code cleanly. And they have a dead-simple mental model: input in, output out, environment gone.

For batch jobs, one-shot scripts, and quick data transforms, sandboxes are still the right tool. I'm not arguing they should disappear.

I'm arguing the industry is building increasingly capable agents and then stuffing them into environments designed for running scripts.

Where the model breaks down

Once you move past "run this function, return the result," sandboxes start fighting you.

No persistence

A sandbox dies after every task. Files, configs, context, all gone. You can bolt on a persistence layer, serialize state, reload it into a fresh container. But now you're building state management on top of an architecture whose whole point was being stateless. At some point you're working against the tool, not with it.

An agent iterating on a codebase over three days shouldn't have to reconstruct its environment from scratch every session.

No screen

Most sandboxes give you a terminal. No browser, no GUI, no visual feedback. That was fine when agents just ran scripts. Now we have computer use agents that navigate websites, read visual layouts, and interact with graphical applications.

Try this in a sandbox: "Go to this website, find the pricing page, extract plan details." The agent has to use headless browser automation, parse raw HTML, hope the page doesn't need JavaScript rendering. On a desktop, the agent just opens Chrome and looks at the page. Same as you would.

The GUI isn't a nice-to-have. Most software in the world was designed for it.

No system access

Sandboxes lock down the OS on purpose. You can't install packages, run services, or configure anything at the system level. That's good for security. It also means an agent can't set up a dev environment, install LibreOffice for document processing, or run a database for testing.

These aren't exotic requirements. They're Tuesday.

You can't watch

When an agent runs in a sandbox, you see output after it's done. You can't watch it work, catch it going off-track, or understand why it made a particular decision. For a 5-second code execution, fine. For a 3-hour research task, that's flying blind.

This matters for trust. If you're deploying agents in a business context, you need to verify what they're doing, not just review the final output.

One thing at a time

Sandboxes handle one task per session. But real work involves multiple applications running simultaneously: a browser for research, a terminal for processing, a text editor for notes, a spreadsheet for analysis. All of it persisting between sessions.

That's not an edge case. That's how knowledge work actually works.

What a desktop gives you

We built Le Bureau around a different idea: give the agent the same environment a human would use. Each agent gets a persistent Linux desktop with a graphical interface over VNC. They can open browsers, install software, manage files. The desktop survives between sessions, so work products, configs, and tools stay put.

In practice, this means:

• The agent and the operator see the same screen in real time via VNC streaming. You can watch, intervene, approve actions.
• The disk persists. An agent picks up where it left off without any serialization dance.
• Full OS access. apt install whatever you need. Run services. Configure the system.
• Standard Linux environment, so adding tools is just installing software. No SDK adapters, no wrappers.

Concrete examples

Consider an agent investigating competitor pricing. It needs a real browser with JavaScript rendering, cookies, and the ability to see what the page actually looks like. Headless hacks get you halfway. A desktop with Chrome gets you the rest.

Or document processing: converting Word files to PDF, generating reports from spreadsheets, building presentations. Trivial with LibreOffice on a desktop. In a sandbox, you're limited to command-line converters with spotty format support.

Development is another clear case. An agent setting up a project needs a terminal, an editor, a browser for docs, a test database, and system-level dependencies. A persistent desktop with VS Code and a configured toolchain is a dev environment. A sandbox is a REPL.

Then there's work that spans days: monitoring a pipeline, managing a deployment, running an extended research project. These need persistence, background processes, and the ability to resume after interruptions. The ephemeral sandbox model doesn't fit work without a clear "done in 30 seconds" boundary.

Sandboxes still have their place

If your agent executes a Python function and returns a number, use a sandbox. Faster boot, lower cost, less overhead. Batch processing thousands of independent micro-tasks? Sandboxes are purpose-built for that.

The question isn't "sandbox or desktop." It's about matching the infrastructure to the work. Stateless, short-lived computation belongs in sandboxes. Stateful, long-running, multi-application work belongs on desktops.

Where this is heading

Models can already see screens and manipulate GUIs. That capability is only going to improve, and agents will need richer environments to operate in.

We already see sandbox providers bolting on persistence and GUI streaming. Desktop providers (us included) are working on faster boot times. The two models are converging, and the result will look more like a desktop than a sandbox. The work demands it.

Sandboxes were the right abstraction for agents that execute code. Desktops are the right abstraction for agents that do work.

---

Le Bureau provides persistent cloud desktops for AI agents. Full Linux environment, VNC access, real-time monitoring. Try it free during the beta.