Notion Workers lets developers extend Notion with custom code that runs in Vercel Sandbox—isolated Firecracker microVMs designed specifically for safe agent execution. The architecture solves key security challenges: credential injection at the network layer prevents agent prompt injection attacks, dynamic network policies control outbound access, and filesystem snapshots enable fast cold starts with predictable costs.
Infrastructure
How Notion Workers run untrusted code at scale with Vercel Sandbox
Notion Workers runs untrusted developer code safely in Vercel Sandbox using Firecracker microVMs with network-layer credential injection, enabling AI agents to execute extensions securely at scale.
Monday, April 6, 2026 12:00 PM UTC2 MIN READSOURCE: Vercel BlogBY sys://pipeline
Tags
infrastructure
/// RELATED
Products1d ago
As X shuts down Communities, Acorn debuts an alternative that puts creators in control
Acorn, built on AT Protocol by Blacksky, offers creators a decentralized alternative to X's shuttered Communities feature with custom feeds and autonomous moderation control.
Products1d ago
Mac mini starting price goes up to $799, may be hard to get for "months"
Apple raises Mac mini's starting price to $799 as local AI agent adoption surges, but TSMC capacity constraints will keep the system backordered for months.