How LLM‑in‑Sandbox Turns Large Models into General‑Purpose Agents Without Extra Training

Paradigm Evolution

Pure text generation – GPT‑3 – constrained by context length and hallucinations.

Chain‑of‑thought – CoT – long reasoning steps but unverifiable.

Tool calling – ChatGPT Plugins – fixed tool set, not dynamically extensible.

LLM‑in‑Sandbox – this work – arbitrary tools, verifiable, extensible, multimodal.

Core Idea: Treat the "computer" as a new LLM context

The sandbox abstracts three meta‑capabilities:

External access : curl / pip / apt can install any package.

Storage : a file system acts as unlimited external memory.

Execution : Python or bash commands run instantly for result verification.

Table‑style comparisons (omitted) highlight design differences between traditional software‑engineer agents and LLM‑in‑Sandbox.

Training‑Free Experiments: Strong Models "Play" a Computer

4.1 Experimental Setup

Evaluated seven models: Claude‑4.5, GPT‑5, DeepSeek‑V3.2, MiniMax‑M2, Kimi‑K2, Qwen‑Coder‑30B, Qwen‑4B.

Six domains: Mathematics (AIME), Physics (UGPhysics), Chemistry (ChemBench), Medicine (MedXpert), Long‑text (AA‑LCR), Instruction Following (IFBench).

4.2 Results Overview

Absolute accuracy and the delta between sandbox and pure‑text baselines show that stronger models gain larger improvements (up to +24.2%), while the smallest model (Qwen‑4B) actually loses performance because it cannot effectively use the computer.

Conclusion: The stronger the model, the larger the benefit; weak models may suffer a drop.

Reinforcement‑Learning Extension: Teaching Weak Models to Use a Computer

5.1 LLM‑in‑Sandbox‑RL

Only generic context tasks (encyclopedia, novels, forum posts) are used as reward signals, requiring zero code‑domain data . The key technique is to place the context under the /testbed/documents/ directory, forcing the model to actively search for answers.

5.2 Post‑Training Effects

After RL fine‑tuning, Qwen‑4B surpasses its baseline across all tasks, demonstrating that even modest models can acquire "computer‑using" abilities.

Behavior Analysis: How Do Strong Models "Play" a Computer?

Statistical breakdown of actions per task reveals:

Mathematics : 43.4% of steps involve numeric computation.

Chemistry : 18.4% of steps install or call external libraries such as RDKit or OPSIN.

Long‑text : Frequent file I/O but no network requests.

Efficiency and Deployment: The Sandbox Is Cheap

7.1 Token Cost

For long‑text tasks, token usage drops up to 90% (e.g., from 100 K to 13 K tokens), and overall tasks see a 5‑8× reduction.

7.2 Throughput and Resources

Environment token handling uses fast prefill, accounting for 50% of tokens but less than 4% of latency.

One container idles at only 50 MB; 512 concurrent instances consume only 5% of memory.

Storage shrinks from terabytes to 1.1 GB with a generic image.

Beyond Text: Four Multi‑Modal Case Studies

LLM‑in‑Sandbox can generate rich outputs from pure‑text prompts:

Travel planning → interactive Tokyo map in HTML.

Meeting schedule JSON → professional poster in PNG/SVG.

Birthday theme → 11‑second countdown video (MP4).

Style description → original piano piece in MIDI, WAV, and sheet music.

References

https://arxiv.org/pdf/2601.16206

LLM‑in‑Sandbox Elicits General Agentic Intelligence

https://github.com/llm-in-sandbox/llm-in-sandbox