2 points | by alexellisuk 6 hours ago
1 comment
Containers assumed reviewed code. AI agents break that assumption.
The interesting shift here isn’t Docker vs microVMs, it’s that “execute first, reason later” has become normal — and that forces isolation to move down to the kernel boundary.