Running AI Agents Safely with Firecracker MicroVMs (Introducing BunkerVM)

Recently I’ve been experimenting with AI agents that can execute code, install packages, and run shell commands. One thing quickly became uncomfortable: most of this code runs directly on the host machine. If an AI agent runs something unexpected - deletes files, installs a malicious package, or misconfigures the environment - it can affect the entire system. Containers help, but they still share the host kernel. I started wondering: What if every AI agent ran inside its own lightweight virtual machine instead? That idea led me to build a small project called BunkerVM.