Security
When you hand work to an AI agent, your biggest concerns are data safety, privacy, and staying in control. VM0 was designed from day one with all of this in mind.
Isolated execution
Every agent run happens inside a completely isolated private environment. When the run finishes, the environment is destroyed automatically, nothing is left behind. Think of it like a disposable glove: clean, safe, and reliable.
Powered by Firecracker microVMs with hardware-level KVM isolation, not containers. Each run gets its own network namespace from a pre-allocated pool of 16,000+.
Secrets never exposed
Connecting Gmail, Slack, or GitHub? Your tokens and credentials are securely managed for you. The agent can use them, but it can never see or extract them. Even if something goes wrong in the agent's code, your accounts stay safe.
Credentials are injected at the network layer via transparent MITM proxy. Agent code never touches raw tokens. Outbound requests are scanned to prevent secret leakage.
Starts in seconds
We've done extensive optimization under the hood so your agent goes from trigger to running in tens of milliseconds. Fast, because we put in the hard work at the infrastructure level. You just experience the result.
Overlayfs with shared read-only rootfs for zero-copy boot. VM memory snapshots pre-warm the entire runtime stack, restore instead of cold start.
Full audit trail
Every action the agent takes, which services it accessed, which APIs it called, what it produced, is logged. If something goes wrong, there's a clear record. If nothing goes wrong, you still have peace of mind.
Complete HTTP/HTTPS traffic logged per run (JSONL). Immutable, content-addressed artifacts stored on Cloudflare R2 with SHA-256 integrity.
Open source
The core platform is open source. You can inspect the code, audit the security model, and contribute. Transparent by default.
Core platform on GitHub. Regular third-party penetration testing. SOC 2 Type II compliance in progress.
Questions about security? Contact us