TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
 
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
NEW! Try Stackie AI
Cloud Native Ecosystem Containers Databases Edge Computing Infrastructure as Code Linux Microservices Open Source Networking Storage
Why WebAssembly won't replace Kubernetes but makes Helm more secure
Mar 21st 2026 8:45am, by B. Cameron Gain
Why the ‘glorified host’ for AI is exactly the Kubernetes we need
Mar 20th 2026 9:00am, by Danielle Cook
Linux kernel scale is swamping an already-flawed CVE system
Mar 20th 2026 4:30am, by Jed Salazar
Sampling: the philosopher's stone of distributed tracing
Mar 19th 2026 8:00am, by Michele Mancioppi
What is KubeVirt and why it’s growing
Mar 17th 2026 9:00am, by Tiago Castro
Edera spent years calling KVM less secure. Here's why it changed its mind.
Mar 25th 2026 2:22pm, by Steven J. Vaughan-Nichols
Minimus aims to solve one of open-source's long-festering problems
Mar 24th 2026 3:00am, by Adrian Bridgwater
How to deploy Pi-Hole with Docker and stop ads on every device on your LAN
Mar 23rd 2026 7:44am, by Jack Wallen
Chainguard has a fix for the open source packages your AI agents keep grabbing
Mar 18th 2026 9:24am, by Darryl K. Taft
Chainguard thinks most DevOps teams are solving container security the hard way
Mar 17th 2026 1:04pm, by Steven J. Vaughan-Nichols
Scaling Btrfs to petabytes in production: a 74% cost reduction story
Mar 18th 2026 5:00am, by Motiejus Jakštys
The “files are all you need” debate misses what's actually happening in agent memory architecture
Mar 13th 2026 5:00am, by Mikiko Bazeley
With GridGain acquisition, MariaDB bets on in-memory computing and Apache Ignite
Mar 10th 2026 6:47am, by Paul Sawers
Moving AI apps from prototype to production requires enterprise-grade postgres infrastructure
Mar 9th 2026 7:00am, by Meredith Shubel
Why the "bible" of data systems is getting a massive rewrite for 2026
Mar 4th 2026 5:00am, by Cynthia Dunlop
Developers are coding to a moving target, and nobody knows where AI lands next
Mar 3rd 2026 7:33am, by Adrian Bridgwater
Cloudflare’s new Markdown support shows how the web is evolving for AI agents
Mar 2nd 2026 4:30am, by David Eastman
React Server Components Vulnerability Found
Dec 6th 2025 7:00am, by Loraine Lawson
Kubernetes at the Edge: Lessons From GE HealthCare’s Edge Strategy
Nov 24th 2025 10:00am, by Vicki Walker
Building a Cloud-to-Edge Architecture Across 40K Global Locations
Nov 20th 2025 10:00am, by Vicki Walker
Why "automated" infrastructure might cost more than you think
Feb 24th 2026 4:00am, by Justyn Roberts
Why 40% of AI projects will be canceled by 2027 (and how to stay in the other 60%)
Feb 13th 2026 6:00am, by Alex Drag
Durable Execution: Build reliable software in an unreliable world
Feb 2nd 2026 3:23pm, by Charles Humble
Terraform challenger Formae expands to more clouds
Jan 28th 2026 6:00am, by Joab Jackson
IBM HashiCorp 'Sunsets' Terraform's External Language Support
Dec 12th 2025 2:00pm, by Joab Jackson
Edera spent years calling KVM less secure. Here's why it changed its mind.
Mar 25th 2026 2:22pm, by Steven J. Vaughan-Nichols
Linux kernel scale is swamping an already-flawed CVE system
Mar 20th 2026 4:30am, by Jed Salazar
Scaling Btrfs to petabytes in production: a 74% cost reduction story
Mar 18th 2026 5:00am, by Motiejus Jakštys
Chainguard thinks most DevOps teams are solving container security the hard way
Mar 17th 2026 1:04pm, by Steven J. Vaughan-Nichols
Tromjaro is a free-trade Linux distribution with plenty to offer
Mar 14th 2026 11:00am, by Jack Wallen
Tetrate launches open source marketplace to simplify Envoy adoption
Mar 11th 2026 10:52am, by Adrian Bridgwater
OpenTelemetry roadmap: Sampling rates and collector improvements ahead
Feb 24th 2026 11:00am, by B. Cameron Gain
Merging To Test Is Killing Your Microservices Velocity
Dec 16th 2025 7:00am, by Arjun Iyer
IBM’s Confluent Acquisition Is About Event-Driven AI
Dec 11th 2025 6:00am, by Joab Jackson
Deploy Agentic AI Workflows With Kubernetes and Terraform
Nov 26th 2025 9:00am, by Oladimeji Sowole
Edera spent years calling KVM less secure. Here's why it changed its mind.
Mar 25th 2026 2:22pm, by Steven J. Vaughan-Nichols
Broadcom donates Velero to CNCF — and it could reshape how Kubernetes users handle backup and disaster recovery
Mar 24th 2026 8:38am, by B. Cameron Gain
Minimus aims to solve one of open-source's long-festering problems
Mar 24th 2026 3:00am, by Adrian Bridgwater
China is winning the open source AI race — but a US company still controls everything underneath
Mar 20th 2026 10:46am, by Paul Sawers
From pillars to platform: How open observability data is changing the industry
Mar 20th 2026 6:00am, by Ted Young
How to deploy Pi-Hole with Docker and stop ads on every device on your LAN
Mar 23rd 2026 7:44am, by Jack Wallen
Why flat Kubernetes networks fail at scale
Mar 20th 2026 7:00am, by Reza Ramezanpour
GSMA Open Gateway offers developers one API for 300+ mobile networks
Mar 4th 2026 10:26am, by Adrian Bridgwater
How Homepage simplifies monitoring your self-hosted services
Feb 6th 2026 8:00am, by Jack Wallen
S3 is the new network: Rethinking data architecture for the cloud era
Feb 2nd 2026 4:00am, by Max Liu
Scaling Btrfs to petabytes in production: a 74% cost reduction story
Mar 18th 2026 5:00am, by Motiejus Jakštys
What is KubeVirt and why it’s growing
Mar 17th 2026 9:00am, by Tiago Castro
S3 is the new network: Rethinking data architecture for the cloud era
Feb 2nd 2026 4:00am, by Max Liu
Agoda’s secret to 50x scale: Getting the database basics right
Jan 28th 2026 7:00am, by Cynthia Dunlop
Chainguard EmeritOSS backs MinIO, other orphaned projects
Jan 27th 2026 6:15am, by Steven J. Vaughan-Nichols
AI AI Engineering API Management Backend development Data Frontend Development Large Language Models Security Software Development WebAssembly
Claude can now open apps, click buttons, and complete tasks on your Mac — but Anthropic says risks remain
Mar 25th 2026 4:36am, by
Ai2 launches MolmoWeb, an open-source web agent
Mar 24th 2026 9:07am, by
Four prompt engineering patterns every developer should know — and why "draw a cat" explains them all
Mar 23rd 2026 11:00am, by
China is winning the open source AI race — but a US company still controls everything underneath
Mar 20th 2026 10:46am, by
Cursor's Composer 2 beats Opus 4.6 on coding benchmarks at a fraction of the price
Mar 19th 2026 8:39am, by
Why online stores keep showing the wrong products — and why tensors fix it
Mar 25th 2026 6:00am, by
OpenClaw's biggest security flaw is why Jentic Mini exists
Mar 25th 2026 5:00am, by
Why most AI projects fail after the demo actually works
Mar 25th 2026 4:00am, by
PwC's AI agents are now your consultants -- whether you're ready or not
Mar 24th 2026 6:00am, by
Four prompt engineering patterns every developer should know — and why "draw a cat" explains them all
Mar 23rd 2026 11:00am, by
MCP is everywhere, but don't panic. Here's why your existing APIs still matter.
Mar 23rd 2026 5:00am, by and
Before you let AI agents loose, you’d better know what they’re capable of
Mar 12th 2026 1:22pm, by
GSMA Open Gateway offers developers one API for 300+ mobile networks
Mar 4th 2026 10:26am, by
Your AI strategy is built on layers of API sediment
Feb 17th 2026 9:37am, by
Solving the Problems That Accompany API Sprawl With AI
Jan 15th 2026 1:00pm, by
Backend Development in 2026: What's Changed, What Matters, and What to Learn Next
Mar 19th 2026 11:37am, by
How To Get DNS Right: A Guide to Common Failure Modes
Dec 24th 2025 8:00am, by and
Combining Rust and Python for High-Performance AI Systems
Dec 3rd 2025 1:00pm, by
How MCP Uses Streamable HTTP for Real-Time AI Tool Interaction
Aug 18th 2025 10:34am, by
A Backend for Frontend: Watt for Node.js Simplifies Operations
Aug 14th 2025 6:00am, by
Fivetran donates its SQLMesh data transformation framework to the Linux Foundation
Mar 25th 2026 7:39am, by
Ex-Snowflake engineers say there's a blind spot in data engineering — so they built Tower to fix it
Mar 15th 2026 7:00am, by
Why the "bible" of data systems is getting a massive rewrite for 2026
Mar 4th 2026 5:00am, by
How to clone a drive to an image with Clonezilla
Mar 3rd 2026 1:00pm, by
Databases weren’t built for agent sprawl – SurrealDB wants to fix it
Feb 24th 2026 2:07pm, by
WebMCP turns any Chrome web page into an MCP server for AI agents
Mar 17th 2026 11:50am, by
Confluent adds A2A support, anomaly detection, and Queues for Kafka in major platform update
Mar 3rd 2026 10:21am, by
Google's Chrome browser moves to a two-week release cycle
Mar 3rd 2026 9:00am, by
Meta gave React its own foundation. But it's not letting go just yet.
Mar 3rd 2026 4:00am, by
The shift left hangover: Why modern platforms are shifting down to cure developer fatigue
Jan 30th 2026 6:22pm, by
Why most AI projects fail after the demo actually works
Mar 25th 2026 4:00am, by
IBM, Red Hat, and Google just donated a Kubernetes blueprint for LLM inference to the CNCF
Mar 24th 2026 8:20am, by
Andrej Karpathy's 630-line Python script ran 50 experiments overnight without any human input
Mar 14th 2026 5:00am, by
"Self-healing" IT? HPE research explores how AI-trained models can catch silent infrastructure failures
Mar 11th 2026 9:37am, by
How context rot drags down AI and LLM results for enterprises, and how to fix it
Mar 9th 2026 9:00am, by
OpenClaw's biggest security flaw is why Jentic Mini exists
Mar 25th 2026 5:00am, by
WebAssembly could solve AI agents' most dangerous security gap
Mar 24th 2026 9:01am, by
Minimus aims to solve one of open-source's long-festering problems
Mar 24th 2026 3:00am, by
What a security audit of 22,511 AI coding skills found lurking in the code
Mar 22nd 2026 7:00am, by
Why WebAssembly won't replace Kubernetes but makes Helm more secure
Mar 21st 2026 8:45am, by
Why online stores keep showing the wrong products — and why tensors fix it
Mar 25th 2026 6:00am, by
Will AI force code to evolve or make it extinct?
Mar 22nd 2026 6:00am, by
Backend Development in 2026: What's Changed, What Matters, and What to Learn Next
Mar 19th 2026 11:37am, by
Jellyfish AI development study: The real sting has yet to land
Mar 19th 2026 11:01am, by
Sampling: the philosopher's stone of distributed tracing
Mar 19th 2026 8:00am, by
WebAssembly could solve AI agents' most dangerous security gap
Mar 24th 2026 9:01am, by
How WebAssembly plugins simplify Kubernetes extensibility
Mar 3rd 2026 2:00pm, by
WebAssembly is everywhere. Here's how it works
Feb 25th 2026 11:00am, by
Wasm vs. JavaScript: Who wins at a million rows?
Feb 22nd 2026 6:00am, by
How WebAssembly and Web Workers prevent UI freezes
Feb 7th 2026 9:00am, by
AI Operations CI/CD Cloud Services DevOps Kubernetes Observability Operations Platform Engineering
HPE's AI agents cut root cause analysis time in half
Mar 25th 2026 7:14am, by Jennifer Riggins
Why most AI projects fail after the demo actually works
Mar 25th 2026 4:00am, by Oladimeji Sowole
From pillars to platform: How open observability data is changing the industry
Mar 20th 2026 6:00am, by Ted Young
Building a Kubernetes-native pattern for AI infrastructure at scale
Mar 19th 2026 5:00am, by Sachi Desai
The AI blind spot debt: the hidden cost killing your innovation strategy
Mar 17th 2026 7:00am, by Yuval Fernbach
This simple infrastructure gap is holding back AI productivity
Feb 22nd 2026 8:00am, by Charlotte Fleming
Ramp’s Inspect shows closed-loop AI agents are software’s future
Jan 29th 2026 11:00am, by Arjun Iyer
QCon chat: Is agentic AI killing continuous integration?
Jan 27th 2026 6:00am, by Joab Jackson
Async Rust: Pinning demystified
Jan 26th 2026 11:00am, by Anshul Gupta
A security checklist for your React and Next.js apps
Jan 26th 2026 7:00am, by Crystal Morin
A practical guide to the 6 categories of AI cloud infrastructure in 2026
Mar 15th 2026 5:00am, by Janakiram MSV
Runpod report: Qwen has overtaken Meta's Llama as the most-deployed self-hosted LLM
Mar 12th 2026 6:00am, by Adrian Bridgwater
Snowflake Cortex Code CLI adds dbt and Apache Airflow support for AI-powered data pipelines
Mar 8th 2026 6:00am, by Jelani Harper
Databases weren’t built for agent sprawl – SurrealDB wants to fix it
Feb 24th 2026 2:07pm, by Paul Sawers
Rising identity complexity: How CISOs can prevent it from becoming an attacker’s roadmap
Feb 19th 2026 12:47pm, by Jay Reddy
One developer, team power: The future of AI-driven DevSecOps
Mar 5th 2026 2:29pm, by Bryan Ross
Observability platform migration guide: Prometheus, OpenTelemetry, and Fluent Bit
Feb 26th 2026 7:28am, by Katie Greenley
Most platform teams build products, but they don’t know it
Feb 24th 2026 9:00am, by Oleg Danilyuk
Why "automated" infrastructure might cost more than you think
Feb 24th 2026 4:00am, by Justyn Roberts
The essential shift every ITOps leader must make to survive an unrelenting stream of incidents
Feb 19th 2026 1:46pm, by Ariel Russo
Your Kubernetes isn't ready for AI workloads, and drift is the reason
Mar 25th 2026 8:43am, by TNS Staff
Broadcom donates Velero to CNCF — and it could reshape how Kubernetes users handle backup and disaster recovery
Mar 24th 2026 8:38am, by B. Cameron Gain
IBM, Red Hat, and Google just donated a Kubernetes blueprint for LLM inference to the CNCF
Mar 24th 2026 8:20am, by Steven J. Vaughan-Nichols
Why WebAssembly won't replace Kubernetes but makes Helm more secure
Mar 21st 2026 8:45am, by B. Cameron Gain
Why the ‘glorified host’ for AI is exactly the Kubernetes we need
Mar 20th 2026 9:00am, by Danielle Cook
From pillars to platform: How open observability data is changing the industry
Mar 20th 2026 6:00am, by Ted Young
Sampling: the philosopher's stone of distributed tracing
Mar 19th 2026 8:00am, by Michele Mancioppi
Why your observability bill keeps growing (and it's not your vendor's fault)
Mar 18th 2026 4:00am, by Juraci Paixão Kröhling
Why agentic AI stalls in production — and how a control plane fixes it
Mar 17th 2026 6:00am, by TNS Staff
Why AI workloads are breaking traditional Kubernetes observability strategies
Mar 16th 2026 7:04am, by TNS Staff
HPE's AI agents cut root cause analysis time in half
Mar 25th 2026 7:14am, by Jennifer Riggins
WebAssembly could solve AI agents' most dangerous security gap
Mar 24th 2026 9:01am, by B. Cameron Gain
Kubernetes co-founder Brendan Burns: AI-generated code will become as invisible as assembly
Mar 24th 2026 7:20am, by Frederic Lardinois
Exton Linux's light version will "enlighten" you
Mar 24th 2026 5:43am, by Jack Wallen
Minimus aims to solve one of open-source's long-festering problems
Mar 24th 2026 3:00am, by Adrian Bridgwater
Your Kubernetes isn't ready for AI workloads, and drift is the reason
Mar 25th 2026 8:43am, by TNS Staff
Capital One deprecated an AI tool it once championed. Its DevEx chief says that's the point.
Mar 18th 2026 8:02am, by Jennifer Riggins
From monolith to global mesh: How Uber standardized ML at scale
Mar 17th 2026 4:00am, by Eric Wang and Ying Zheng
Why enterprise software development needs air traffic control
Mar 4th 2026 2:35pm, by Emilio Salvador
Why traditional ITOps is failing to keep up with the unique nature of AI incidents
Mar 4th 2026 10:00am, by Kat Gaines
C++ Developer tools Go Java JavaScript Programming Languages Python Rust TypeScript
Open source USearch library jumpstarts ScyllaDB vector search
Feb 5th 2026 12:00pm, by Jelani Harper
AWS WAF vs. Google Cloud Armor: A Multicloud Security Showdown
Nov 25th 2025 10:00am, by Advait Patel
Goodbye Dashboards: Agents Deliver Answers, Not Just Reports
Nov 23rd 2025 9:00am, by Ketan Karkhanis
Rust vs. C++: a Modern Take on Performance and Safety
Oct 22nd 2025 2:00pm, by Zziwa Raymond Ian
Building a Real-Time System Monitor in Rust Terminal
Oct 15th 2025 7:05am, by Tinega Onchari
OpenAI acquires Astral to bring open source Python developer tools to Codex — but details are still fuzzy
Mar 20th 2026 7:33am, by Meredith Shubel
Jellyfish AI development study: The real sting has yet to land
Mar 19th 2026 11:01am, by Adrian Bridgwater
Sauce Labs wants to solve an AI-created problem nobody wanted to work on
Mar 18th 2026 9:19am, by Frederic Lardinois
Capital One deprecated an AI tool it once championed. Its DevEx chief says that's the point.
Mar 18th 2026 8:02am, by Jennifer Riggins
Cursor built a fleet of security agents to solve a familiar frustration
Mar 16th 2026 11:17am, by Frederic Lardinois
Go Experts: 'I Don't Want to Maintain AI-Generated Code'
Sep 28th 2025 6:00am, by David Cassel
How To Run Kubernetes Commands in Go: Steps and Best Practices 
Jun 27th 2025 8:00am, by Sunny Yadav
Prepare Your Mac for Go Development
Apr 12th 2025 7:00am, by Damon M. Garn
Pagoda: A Web Development Starter Kit for Go Programmers
Mar 19th 2025 6:10am, by Loraine Lawson
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Java 26 lands without an LTS badge. Here's why developers should care anyway.
Mar 18th 2026 9:35am, by Darryl K. Taft
62% of enterprises now use Java to power AI apps
Feb 10th 2026 12:58pm, by Darryl K. Taft
BellSoft bets Java expertise can beat hardened container wave
Jan 26th 2026 3:00pm, by Darryl K. Taft
Java Developers Get Multiple Paths To Building AI Agents
Dec 26th 2025 7:02am, by Darryl K. Taft
Your Enterprise AI Strategy Must Start With Java, Not Python
Dec 22nd 2025 1:00pm, by Michael Coté
TypeScript 6.0 RC arrives as a bridge to a faster future
Mar 14th 2026 9:00am, by Darryl K. Taft
WebAssembly is everywhere. Here's how it works
Feb 25th 2026 11:00am, by Jessica Wachtel
Wasm vs. JavaScript: Who wins at a million rows?
Feb 22nd 2026 6:00am, by Jessica Wachtel
Arcjet reaches v1.0, promises stable security for JavaScript apps
Feb 14th 2026 7:00am, by Darryl K. Taft
How WebAssembly and Web Workers prevent UI freezes
Feb 7th 2026 9:00am, by Jessica Wachtel
Will AI force code to evolve or make it extinct?
Mar 22nd 2026 6:00am, by David Cassel
Java 26 lands without an LTS badge. Here's why developers should care anyway.
Mar 18th 2026 9:35am, by Darryl K. Taft
TypeScript 6.0 RC arrives as a bridge to a faster future
Mar 14th 2026 9:00am, by Darryl K. Taft
Nearly half of all companies now use Rust in production, survey finds
Mar 6th 2026 10:45am, by Darryl K. Taft
Statistical language R is making a comeback against Python
Feb 12th 2026 2:57pm, by Darryl K. Taft
OpenAI acquires Astral to bring open source Python developer tools to Codex — but details are still fuzzy
Mar 20th 2026 7:33am, by Meredith Shubel
Python virtual environments: isolation without the chaos
Feb 16th 2026 7:00am, by Jessica Wachtel
Statistical language R is making a comeback against Python
Feb 12th 2026 2:57pm, by Darryl K. Taft
Arcjet's Python SDK Embeds Security in Code
Jan 16th 2026 2:00pm, by Darryl K. Taft
2025: The Year of the Return of the Ada Programming Language?
Jan 14th 2026 4:00pm, by Darryl K. Taft
Nearly half of all companies now use Rust in production, survey finds
Mar 6th 2026 10:45am, by Darryl K. Taft
Wasm vs. JavaScript: Who wins at a million rows?
Feb 22nd 2026 6:00am, by Jessica Wachtel
Open source USearch library jumpstarts ScyllaDB vector search
Feb 5th 2026 12:00pm, by Jelani Harper
The 'weird' things that happened when Clickhouse replaced C++ with Rust
Feb 4th 2026 7:26am, by B. Cameron Gain
Async Rust: Pinning demystified
Jan 26th 2026 11:00am, by Anshul Gupta
TypeScript 6.0 RC arrives as a bridge to a faster future
Mar 14th 2026 9:00am, by Darryl K. Taft
Mastra empowers web devs to build AI agents in TypeScript
Jan 28th 2026 11:00am, by Loraine Lawson
Inferno Vet Creates Frontend Framework Built With AI in Mind
Dec 10th 2025 11:00am, by Loraine Lawson
JavaScript Utility Library Lodash Changing Governance Model
Nov 1st 2025 7:00am, by Loraine Lawson
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
AI Agents / Operations / Security / WebAssembly

WebAssembly could solve AI agents’ most dangerous security gap

WebAssembly offers strong isolation and sandboxing for AI agent-generated code, solving security risks that containers and microVMs struggle to address.
Mar 24th, 2026 9:01am by
Featued image for: WebAssembly could solve AI agents’ most dangerous security gap
Illustration by VectorElements on Unsplash

AI agent-generated code poses an often-overlooked threat: the possibility that an agent will generate unchecked, potentially lethal commands. Think of Hal 9000 taking over the mission in Stanley Kubrick’s 2001: A Space Odyssey. While that was sci-fi, it’s not far from a real scenario playing out today: Code derived from LLM output can produce AI agents that gain access to sensitive data and applications, wreaking havoc on the environment.

It’s a scenario that Dan Phillips, a systems engineer and founder of WebAssembly Chicago, explored during his talk at Wasm I/O held this month in Barcelona.

Agents run code and need isolation

Phillips outlined why WebAssembly can provide excellent isolation and sandboxing for untrusted AI-generated code. As agents have evolved into actors that perform actions on a user’s behalf, they need an execution environment, he said.

“This is because they don’t just think – they run code derived from LLM output and produce artifacts,” Phillips said. “Code is deterministic, so adding isolation provides a core primitive for agents.”

Containers share a kernel problem

Several technologies are currently used to sandbox code, but they often rely on a shared kernel. Often, containers, the gVisor security layer, or microVMs like Firecracker offer some isolation but can be woefully inefficient. These methods rely on a shared kernel, have heavy runtime layers, and add orchestration complexity involving nomads, namespaces, and control planes,   Phillips said. 

“Instead of starting from the kernel or containers, you start with nothing and then add from there. This makes certain exploits unavailable by construction.”

“This is expensive in terms of money, time, and understanding. It can be hard to reason about and slow to spin up,” Phillips said. “These all rely on a shared kernel, right? These have relatively heavy runtime layers, and they’re on top of these; things will start to be things like orchestration complexity.”

Wasm starts with nothing

However, WebAssembly offers that much-needed isolation layer for AI agents. This is because it has no shared kernel and uses a different memory model. “Instead of starting from the kernel or containers, you start with nothing and then add from there,” Phillips said. “This makes certain exploits unavailable by construction.”

WebAssembly modules, through which applications and code run, can also be orders of magnitude smaller, which is one of Wasm’s standout features. Its well-known benefits include ultra-rapid startup times and what Phillips called Wasm’s enablement of  isomorphic computing, where the same code runs in the browser, phone, cloud, or home server.” 

Boxer removes developer friction

Despite the Wasm offers for AI Agent sandboxes, developers often don’t want to rewrite code for a new technology if they don’t understand the benefits, Phillips said. Developers expect a platform and full system access, even if it’s limited. Phillips described how open-source Boxer allows users to take a Dockerfile and distribute it as a universally runnable Wasm distribution. 

“For most things that you could do with Docker, you can do in Wasm also.”

“The project’s goal is to allow the running of unmodified code with no rewrites and no compromises,” Phillips said. “This helps take away friction and make Wasm more accessible. This basically means that for most things that you could do with Docker, you can do in wasm also.” 

Despite its technical benefits, WebAssembly faces a “mental model gap,” Phillips said.  Developers often expect a full platform with system access and are reluctant to rewrite existing code.  “People don’t want to rewrite code when they deploy,” Phillips said. “So, a new technology, specifically one that has a reduced environment, and they don’t really want to do it if they don’t understand the benefits.” 

The future of sandboxing extends beyond the cloud to “isomorphic computing,” where the same agentic code can move seamlessly between browsers, mobile devices, and home servers. “It’s not just cloud, but also isomorphic computing, where you have the same code running in your browser, your phone on the cloud, your server at home, where you can move these things between these different elements seamlessly,” Phillips said.

Yes, developers, platform, and engineering teams do not want to have to fiddle with potential incompatibilities or add layers of “glue” to ensure code – created by AI agents or otherwise – remains sandboxed. But regardless, WebAssembly already offers at least a very solid level of isolation, which is much needed for the explosion in the distribution of AI agentic code.

For advocates, the question becomes rhetorical: Why would you not sandbox AI agents with WebAssembly modules?

TRENDING STORIES
Created with Sketch.
BC Gain is founder and principal analyst for ReveCom Media. His obsession with computers began when he hacked a Space Invaders console to play all day for 25 cents at the local video arcade in the early 1980s. He then...
Read more from B. Cameron Gain
SHARE THIS STORY
TRENDING STORIES
TNS owner Insight Partners is an investor in: Docker.
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.