• Vercel Sandbox can now automatically inject HTTP headers into outbound requests from sandboxed code.
• This keeps API keys and tokens safely outside the sandbox VM boundary, so apps running inside the sandbox can call authenticated services without ever accessing the credentials.
• Header injection is configured as part of the network policy using `transform`.
• When the sandbox makes an HTTPS request to a matching domain, the firewall adds or replaces the specified headers before forwarding the request.
```js
import { Sandbox } from '@vercel/sandbox';

const sandbox = await Sandbox.create({
  timeout: 300_000,
  networkPolicy: {
    allow: {
      "ai-gateway.vercel.sh": [{
        transform: [{
          // The key is read on the host; the template literal needs backticks
          headers: { authorization: `Bearer ${process.env.AI_GATEWAY_API_KEY}` },
        }],
      }],
    },
  },
});

// Code inside the sandbox calls AI Gateway without knowing the API key
const result = await sandbox.runCommand('curl', ['-s', 'https://ai-gateway.vercel.sh/v1/models']);
```

• This is designed for AI agent workflows where prompt injection is a real threat.
• Even if an agent is compromised, there’s nothing to exfiltrate, as the credentials only exist in a layer outside the VM.
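A simplified model of the add-or-replace behaviour described above, as an added example that is not Vercel's code or part of the changelog. `hostMatches`, `applyEgressPolicy`, the wildcard semantics, the deny-by-default allow list, the skip on non-HTTPS requests and the sample secrets are assumptions made for illustration.

```javascript
// Simplified model of header injection at the egress firewall (illustration only,
// not Vercel's implementation). The policy shape mirrors networkPolicy.allow.

// Assumption: "*.example.com" matches any subdomain but not the apex domain.
function hostMatches(pattern, host) {
  const p = pattern.toLowerCase();
  const h = host.toLowerCase();
  if (p.startsWith("*.")) return h.endsWith(p.slice(1)) && h.length > p.length - 1;
  return h === p;
}

// Returns what the upstream service would receive, or a deny decision.
function applyEgressPolicy(allow, request) {
  const url = new URL(request.url);
  const entry = Object.entries(allow).find(([pattern]) => hostMatches(pattern, url.hostname));
  if (!entry) return { action: "deny", headers: null };

  // Header names are case-insensitive, so normalise before merging; otherwise an
  // "Authorization" sent from the sandbox would survive beside the injected one.
  const headers = {};
  for (const [name, value] of Object.entries(request.headers ?? {})) {
    headers[name.toLowerCase()] = value;
  }
  // Assumption: no injection on non-HTTPS requests, so the secret never travels in cleartext.
  if (url.protocol !== "https:") return { action: "forward", headers };

  for (const rule of entry[1]) {
    for (const transform of rule.transform ?? []) {
      for (const [name, value] of Object.entries(transform.headers ?? {})) {
        headers[name.toLowerCase()] = value; // add or replace
      }
    }
  }
  return { action: "forward", headers };
}

// Constructed sample policy and secrets; the secrets exist only on the host side.
const policy = {
  "ai-gateway.vercel.sh": [{ transform: [{ headers: { authorization: "Bearer constructed-secret" } }] }],
  "*.internal.example": [{ transform: [{ headers: { "x-api-key": "constructed-key" } }] }],
};

// The sandbox supplies its own Authorization header; the policy value replaces it.
const replaced = applyEgressPolicy(policy, {
  url: "https://ai-gateway.vercel.sh/v1/models",
  headers: { Authorization: "Bearer set-inside-sandbox", accept: "application/json" },
});
console.log(replaced.action, Object.keys(replaced.headers));
```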
Article Summaries:
- Vercel Sandbox now supports automatic injection of HTTP headers into outbound requests, allowing API keys and tokens to remain outside the sandboxed VM. When a network policy includes a `transform` rule, the firewall adds or replaces specified headers, such as an Authorization bearer token, before forwarding requests to matching domains. This feature is aimed at AI agent workflows, ensuring that compromised agents cannot exfiltrate credentials. Header injection works with any egress policy, can be updated on a running sandbox, and supports exact or wildcard domain matching. The capability is available to all Pro and Enterprise customers.
Sources:
- https://vercel.com/changelog/safely-inject-credentials-in-http-headers-with-vercel-sandbox (Latest source article published: 2026-02-25 06:41 UTC)