Tag
A deep dive into why local coding agents like Claude Code and Codex are converging on libkrun instead of Firecracker for sandboxing, as Firecracker cannot run natively on macOS. The article also introduces iii-sandbox, an open-source hardware-isolated execution layer built on libkrun.
Perplexity detailed the security architecture of its Computer agent, including Firecracker microVM isolation, scoped connector permissions, and prompt injection defenses.
Aerol AI has open-sourced a MicroVM runtime compatible with Docker and gVisor sandboxes, offering faster setup and launch times than existing solutions.
Tencent released an ultra-lightweight sandbox for AI agents that starts in <60 ms, uses 5 MB RAM, supports 2000+ instances per server, and offers KVM-based security.
A technical guide on using microvm.nix on NixOS to create ephemeral VMs for safely running coding agents without access to personal files.