Cloudflare Dynamic Worker Loader: Sandboxing AI Agents with Isolates

What Dynamic Worker Loader Does
Dynamic Worker Loader is an API that enables a Cloudflare Worker to create a new Worker with code specified at runtime, running in its own secure sandbox. This addresses the security need for executing AI-generated code without exposing your application to vulnerabilities.
Technical Implementation
The feature uses isolates—instances of the V8 JavaScript execution engine—as the underlying sandboxing mechanism. Isolates start in a few milliseconds and use a few megabytes of memory, making them approximately 100x faster and 10x-100x more memory efficient than typical Linux containers.
Here's the basic code pattern from the source:
// Have your LLM generate code like this.
let agentCode: string = `
export default {
async myAgent(param, env, ctx) {
// ...
}
}
`;
// Load a worker to run the code
let worker = env.LOADER.load({
compatibilityDate: "2026-03-01",
mainModule: "agent.js",
modules: {
"agent.js": agentCode
},
env: {
CHAT_ROOM: chatRoomRpcStub
},
globalOutbound: null,
});
// Call RPC methods exported by the agent code
await worker.getEntrypoint().myAgent(param);
Key Capabilities
- No global concurrency limits: Unlike container-based solutions, there are no limits on concurrent sandboxes or creation rate
- Zero latency: Dynamic Workers typically run on the same machine and thread as the creating Worker
- Global deployment: Supported in all of Cloudflare's hundreds of locations worldwide
- Security controls: Can block internet access (globalOutbound: null) or intercept it
- RPC-based API access: Agents can access specific APIs through RPC stubs defined in the env parameter
Context and Limitations
This approach builds on Cloudflare's Code Mode concept where agents write code instead of making tool calls. The main limitation versus containers is that agents need to write JavaScript (though Workers technically support Python and WebAssembly). For small code snippets generated by AI agents, JavaScript loads and runs faster.
📖 Read the full source: HN AI Agents
👀 See Also

Artificial-life: A 300-line Python reproduction of Computational Life research
A Python implementation reproducing the Computational Life paper, where 240x135 grid of Brainfuck-like programs interact and evolve self-replicating code through random pairing and instruction tape concatenation.

Memento v1.0: Persistent Memory MCP Server for Claude Code with 17 Tools
Memento v1.0 is a persistent memory MCP server for Claude Code that ships with 17 tools, hybrid search, contradiction detection, and a visual memory graph. It runs locally with no cloud dependencies and supports multiple IDEs including Claude Code, Cursor, Windsurf, and OpenCode.

Cold Validation Architecture: Dual-Agent Code Review System Open-Sourced
Open-sourced system uses two separate AI agents for code validation: one builds code, another reviews it with zero context about the builder's reasoning. The reviewer only sees plan documents, code diffs, and test outputs.

Sponsio: Deterministic Guard Rails for OpenClaw — Blocking 'Legal but Wrong' Tool Calls
Open-source tool that sits at the tool boundary, evaluating each call with temporal logic contracts (~0.14ms p50). Prevents agents from editing files outside the working directory, force-pushing, or running migrations against the wrong database.