====== Deep Agents ======

**Deep Agents** is an agent infrastructure platform designed to provide secure, isolated execution environments for AI agents across multiple backend providers. The platform implements a **sandbox architecture** that enables provider-agnostic deployment while maintaining strict security boundaries through an authentication proxy pattern. This approach addresses a critical weakness of agent systems: credentials exposed in a prompt-injectable environment are a significant operational risk (([[https://arxiv.org/abs/2202.07362|Carlini et al. - Extracting Training Data from Large Language Models (2021)]])).

===== Platform Architecture =====

Deep Agents operates as an abstraction layer over multiple backend providers, including **Daytona**, **Modal**, **Runloop**, and **LangSmith**, so that developers can deploy agents without being locked into a single infrastructure provider. The platform's core innovation is running agents in isolated execution sandboxes that separate agent logic from credential management through an **auth proxy pattern**.

The auth proxy acts as a credential intermediary: sensitive authentication tokens and API keys are never placed directly in the agent's prompt context, where prompt injection could extract them. Rather than passing credentials into the sandboxed environment, the proxy holds them in a separate secure layer and mediates every outbound authenticated request the agent makes. This design significantly reduces the attack surface for credential theft while leaving agent tooling and external API interactions fully functional.

===== Sandbox Execution Model =====

The sandbox backends provide isolated execution environments where agent code runs with restricted permissions and network access.
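The auth proxy pattern described above, as an added example that is not Deep Agents' own code: an agent inside the sandbox names a logical service and never holds its credential; the proxy checks the request against a per-service allowlist, discards any credential header the agent tried to set, injects the real token only on the outbound leg, and redacts it from the response before it re-enters the sandbox. The `SandboxRequest`, `SERVICE_POLICY` and `SECRET_STORE` names, the host and the sample token are assumptions constructed for this sketch.

```python
"""Auth-proxy sketch for the credential-isolation pattern above (added example, not Deep Agents code).
The sandbox side may only name a service; the proxy validates against a per-service policy,
strips any credential header the agent supplied, injects the real token on the outbound leg,
and scrubs it from whatever is echoed back."""
from dataclasses import dataclass, field
from typing import Callable, Dict

# Constructed sample secret; in a real deployment it lives outside the sandbox boundary.
SECRET_STORE: Dict[str, str] = {"crm": "crm_CONSTRUCTED_SAMPLE_TOKEN"}
# Hypothetical per-service policy: allowed host and how the credential is attached.
SERVICE_POLICY = {"crm": {"host": "api.crm.example", "header": "Authorization", "prefix": "Bearer "}}
# Headers the sandbox must never control; only the proxy decides which credential goes out.
CREDENTIAL_HEADERS = ("authorization", "cookie", "x-api-key")

class ProxyError(Exception):
    """Raised when a sandbox request violates policy; the agent sees only this message."""

@dataclass
class SandboxRequest:
    """All an agent can express: a logical service name plus method, path and headers."""
    service: str
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)

def build_upstream(req: SandboxRequest) -> dict:
    """Turn a credential-free sandbox request into the real outbound request."""
    if req.service not in SERVICE_POLICY:
        raise ProxyError(f"service {req.service!r} is not allowed")
    if not req.path.startswith("/") or ".." in req.path or "://" in req.path:
        raise ProxyError("malformed path")  # the agent cannot point the token at another host
    policy = SERVICE_POLICY[req.service]
    headers = {k: v for k, v in req.headers.items() if k.lower() not in CREDENTIAL_HEADERS}
    headers[policy["header"]] = policy["prefix"] + SECRET_STORE[req.service]  # injected last
    return {"method": req.method, "url": f"https://{policy['host']}{req.path}", "headers": headers}

def forward(req: SandboxRequest, transport: Callable[[dict], dict]) -> dict:
    """Send via `transport`; redact the secret from the response before it re-enters the sandbox."""
    resp = transport(build_upstream(req))
    secret = SECRET_STORE[req.service]
    return {"status": resp["status"], "body": resp.get("body", "").replace(secret, "[REDACTED]")}

def is_rejected(req: SandboxRequest) -> bool:
    """True when policy blocks the request before any credential is touched."""
    try:
        build_upstream(req)
        return False
    except ProxyError:
        return True
```

The `transport` argument is whatever HTTP client the proxy uses; it receives the fully credentialed request, while the sandbox only ever sees `SandboxRequest` objects and redacted responses.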
By supporting multiple backend providers, including **Daytona** for distributed execution, **Modal** for serverless computation, **Runloop** for specialized agent runtimes, and **LangSmith** for agent monitoring, Deep Agents lets users select execution environments based on specific performance, cost, or compliance requirements. This multi-backend approach addresses vendor lock-in in agent infrastructure while maintaining consistent security properties across execution environments. Each backend integration uses the same authentication proxy pattern, so credential handling remains consistent regardless of the underlying infrastructure (([[https://arxiv.org/abs/2210.03629|Yao et al. - ReAct: Synergizing Reasoning and Acting in Language Models (2022)]])).

===== Security and Credential Management =====

Agent systems require access to external APIs and services, creating a fundamental tension between functional capability and security. Deep Agents resolves this through its credential isolation architecture. Rather than storing credentials in agent prompts or in the sandboxed environment, where a large language model might expose them, credentials remain exclusively within the secure auth proxy layer. When an agent needs to make an authenticated API call, the request is routed through the proxy, which injects the credential at the last possible moment, so it never appears in an agent context from which it could be extracted through prompt injection or model transparency techniques. This matters because research has shown that language models can inadvertently expose sensitive information encountered during training or in-context processing (([[https://arxiv.org/abs/2307.09009|Carlini et al. - Quantifying Language Models' Sensitivity to Spurious Features in Prompt (2023)]])).

===== Use Cases and Applications =====

Deep Agents enables organizations to deploy autonomous agents that require external service integration while maintaining strict security controls. Common applications include:

  * **Customer service agents** requiring access to business APIs without exposing API credentials
  * **Research assistants** that access multiple data sources through authenticated APIs
  * **Workflow automation systems** managing sensitive operations across multiple SaaS platforms
  * **Multi-step task execution** where agents must call tools across disparate systems

The platform's provider-agnostic design allows organizations to migrate workloads between backends or run multi-backend deployments for redundancy and performance optimization (([[https://arxiv.org/abs/2210.11762|Schoop et al. - An Open Source Tool for Agent Evaluation and Development (2023)]])).

===== Current Landscape and Integration =====

As of 2026, Deep Agents represents a maturation of agent infrastructure tooling, addressing the practical operational challenges of deploying language model agents in production environments. The platform integrates with established agent frameworks and monitoring systems, so it fits existing agent development workflows while remaining backward compatible with popular agent orchestration patterns.

===== See Also =====

  * [[agent_sandbox|Sandboxed Agent Execution]]
  * [[sandboxed_vulnerability_detection|Sandboxed Parallel Agent Vulnerability Detection]]
  * [[deepagents|Deepagents]]
  * [[managed_agents|Managed Agents]]
  * [[agent_365|Agent 365]]

===== References =====