MicroVMs Over Containers: A Safer Execution Path for AI Agents
Written by Om-Shree-0709 (@Om-Shree-0709)
- Why Containers Aren’t Enough
- What Are MicroVMs?
- What Is Micro Sandbox?
- How to Use It with MCP
- Python SDK Example
- Why This Helps MCP Developers
- Acknowledgements
- References
When building AI agents that write and run code, developers run into a recurring problem: a container on its own is not a strong enough boundary for untrusted code. In a recent episode of The Context, Stephen Akinyemi, founder of Zerocore AI, introduced Micro Sandbox, a way to run that code safely inside MicroVMs. This matters especially for developers working with the Model Context Protocol (MCP), where a tool that executes code is exactly the kind of tool that needs to be contained.[1]
Why Containers Aren’t Enough
Containers were not designed as a boundary for untrusted code. They rely on features of the host kernel, such as namespaces, control groups and seccomp filters, to keep processes apart, but every container shares that one kernel. A bug in the kernel or in the container runtime (Docker, for example) can therefore let a process inside the container escape and reach the host.[2]
For AI agents that generate and run code, such as Claude or GitHub Copilot, this is a real risk. Things that can go wrong include:
- Hidden instructions smuggled in through user prompts
- Malicious or compromised packages and dependencies
- Generated code that deliberately tries to harm your system
- Generated code that modifies files in your working directory
Also, because every container shares the host kernel, a container can't run software that needs its own kernel, such as programs that load kernel modules or depend on a specific, often older, kernel version.
What Are MicroVMs?
MicroVMs are very small virtual machines. They boot in a fraction of a second and use far fewer resources than a traditional VM, but each one still gets its own guest kernel and its own memory. The extra layer that makes this possible, the hypervisor, sits between the guest and the hardware and mediates everything the guest does, so code running inside the MicroVM is separated from your host by a much stronger boundary than a shared kernel.[3]
Amazon Web Services created Firecracker, an open-source virtual machine monitor that runs MicroVMs on top of KVM. It backs services such as AWS Lambda and is now used by many platforms to keep user-supplied code from harming the host.
What Is Micro Sandbox?
Micro Sandbox is a tool that makes MicroVMs easy to use from a developer's workflow. It gives you a command-line tool (similar in feel to Docker's) and a Python SDK. With it, you can:
- Manage VM images
- Use a custom file system (even on macOS)
- Keep track of VM state
- Run MicroVMs with one command
- Connect it to your MCP tools directly[4]
Micro Sandbox boots MicroVMs and accepts code to execute inside them. You can call it from an AI agent or run it as a standalone service.
How to Use It with MCP
To run Micro Sandbox as an MCP server:
- Start the sandbox server:
- Add the server to your MCP client's config file:
- Send code to run, for example from an agent like Claude:
Micro Sandbox boots the MicroVM, installs the runtime the code needs (for example Node.js), and runs the code inside the guest rather than on your host.[5]
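To make the MCP side of this concrete, the following is an added example written for this page; it is not code from the post, from Micro Sandbox or from the MCP SDK. It shows the `tools/call` exchange for a code-execution tool and the checks a server should make before anything reaches a sandbox: the tool name `run_code`, its argument names (`language`, `code`, `timeout_s`, `network`), the policy limits, the `Sandbox` interface and the `FakeMicroVM` stand-in (which only records the job so the example runs offline) are all assumptions of the example, not Micro Sandbox's actual API. The JSON-RPC shapes (`tools/call`, `result.content`, `result.isError`, error codes -32601/-32602) follow the MCP specification.

```python
"""Added example (not from the page, Micro Sandbox, or the MCP SDK): a
`tools/call` handler for a hypothetical `run_code` tool that validates the
request and hands the code to a pluggable sandbox backend, never to the host."""
import json
from dataclasses import dataclass, field
from typing import Protocol

# Policy limits chosen for this example (assumptions, not from the page).
ALLOWED_LANGUAGES = {"python", "node", "bash"}
MAX_CODE_BYTES = 64 * 1024
MAX_TIMEOUT_S = 30
MAX_OUTPUT_CHARS = 16 * 1024


@dataclass
class ExecResult:
    stdout: str
    stderr: str
    exit_code: int


class Sandbox(Protocol):
    """Whatever implements this must run the code in an isolated guest."""
    def run(self, language: str, code: str, timeout_s: int, network: bool) -> ExecResult: ...


@dataclass
class FakeMicroVM:
    """Constructed stand-in for a MicroVM backend so the example runs offline:
    it records the job it would launch and returns a canned result."""
    jobs: list = field(default_factory=list)

    def run(self, language, code, timeout_s, network):
        self.jobs.append({"language": language, "code": code,
                          "timeout_s": timeout_s, "network": network})
        return ExecResult(stdout=f"[{language} guest ran {len(code)} bytes]",
                          stderr="", exit_code=0)


def _tool_result(req_id, text, is_error=False):
    # Tool-level failures go inside `result` with isError set, so the model
    # sees them; only protocol problems become JSON-RPC errors.
    return {"jsonrpc": "2.0", "id": req_id,
            "result": {"content": [{"type": "text", "text": text}], "isError": is_error}}


def _rpc_error(req_id, code, message):
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}


def handle_tools_call(request: dict, sandbox: Sandbox) -> dict:
    """Validate a tools/call request for run_code and dispatch it to the sandbox."""
    req_id = request.get("id")
    if request.get("method") != "tools/call":
        return _rpc_error(req_id, -32601, "Method not found")
    params = request.get("params") or {}
    if params.get("name") != "run_code":
        return _rpc_error(req_id, -32602, f"Unknown tool: {params.get('name')!r}")
    args = params.get("arguments") or {}

    language = args.get("language")
    if language not in ALLOWED_LANGUAGES:
        return _tool_result(req_id, f"language not allowed: {language!r}", is_error=True)
    code = args.get("code")
    if not isinstance(code, str) or not code.strip():
        return _tool_result(req_id, "code must be a non-empty string", is_error=True)
    if len(code.encode("utf-8")) > MAX_CODE_BYTES:
        return _tool_result(req_id, f"code exceeds {MAX_CODE_BYTES} bytes", is_error=True)
    try:
        timeout_s = int(args.get("timeout_s", 10))
    except (TypeError, ValueError):
        return _tool_result(req_id, "timeout_s must be an integer", is_error=True)
    timeout_s = max(1, min(timeout_s, MAX_TIMEOUT_S))  # clamp; never trust the caller's value
    network = bool(args.get("network", False))         # default-deny egress from the guest

    try:
        res = sandbox.run(language, code, timeout_s, network)
    except Exception as exc:  # a crashing guest must not take the MCP server down
        return _tool_result(req_id, f"sandbox failure: {type(exc).__name__}", is_error=True)

    text = res.stdout
    if res.stderr:
        text += "\n[stderr]\n" + res.stderr
    if len(text) > MAX_OUTPUT_CHARS:  # cap what flows back into the model's context
        text = text[:MAX_OUTPUT_CHARS] + "\n[output truncated]"
    return _tool_result(req_id, text, is_error=res.exit_code != 0)


def demo():
    """Two constructed requests: one an agent might send, one the policy rejects."""
    vm = FakeMicroVM()
    ok = handle_tools_call({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                            "params": {"name": "run_code",
                                       "arguments": {"language": "node",
                                                     "code": "console.log(2 + 2)",
                                                     "timeout_s": 999}}}, vm)
    rejected = handle_tools_call({"jsonrpc": "2.0", "id": 2, "method": "tools/call",
                                  "params": {"name": "run_code",
                                             "arguments": {"language": "perl",
                                                           "code": "print 1"}}}, vm)
    return ok, rejected, vm.jobs


if __name__ == "__main__":
    for msg in demo()[:2]:
        print(json.dumps(msg, indent=2))
```

The distinction between the two error paths is the part worth copying: a request for a tool that does not exist is a protocol error, but a rejected language, an oversized payload or a non-zero exit inside the guest is a normal tool result with `isError` set, so the agent can read the message and try again instead of the session breaking. The timeout is clamped rather than echoed back, and network access is off unless the caller asks for it; whatever real backend replaces `FakeMicroVM` should enforce both inside the guest as well.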
Python SDK Example
You can also use the Python SDK:
This lets you run code inside a MicroVM without provisioning or managing the VM yourself.[6]
Why This Helps MCP Developers
- You can run any Linux tool or program, because each sandbox has its own kernel
- You can test AI-generated code without putting your host at risk
- You can try untrusted packages safely
- You can build full-featured MCP tools that need command-line access
As AI agents become more capable, this level of isolation is becoming more important. Micro Sandbox gives developers a way to use MicroVMs without having to learn the low-level details.[7]
Acknowledgements
This guide is based on Stephen Akinyemi's[8] talk in the Beyond Containers: MicroVMs as the Security Primitive for AI Agents[9] episode of The Context, where he explained how Micro Sandbox works and how it can be used with MCP. Thanks to the Anthropic team and the wider MCP developer community for helping build secure tools for AI.
References
- AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
- Firecracker – Lightweight Virtualization for Serverless Computing
- "Virtual Machines that feel and perform like containers" discussion
- "Beyond Containers: Exploring the MicroVM Revolution – Part 1"
- "The Security Model of MicroVMs – Why Firecracker Is Built for Isolation"
- Beyond Containers: MicroVMs as the Security Primitive for AI Agents