InstaVM is a production control plane for AI agents — it runs agents like production servers: isolated, observable, and controlled. The core is Firecracker microVMs with sub-200ms boot times, so an agent can spin up a fresh isolated computer faster than most API calls return.
## What the control plane gives you
Pause a running VM mid-execution, snapshot its state, then resume or clone it instantly, which is ideal for long-running agent workflows where you want to fork from a known-good checkpoint. Fine-grained outbound network rules let you allowlist specific domains, block egress entirely, or scope network access per-VM. That last part matters: an agent with shell access and unrestricted network access is a data-exfiltration risk, and per-VM egress control contains the blast radius.
## The open-source piece
InstaVM also ships CodeRunner, an open-source sandbox that runs AI coding agents inside VM-isolated containers on Apple Silicon Macs — full VM-level isolation to prevent data loss and exfiltration during agentic code execution, all locally.
## Why it matters
As agents move toward unattended, long-running execution, the missing layer is production-grade infrastructure: fast isolation, state management, network policy. InstaVM is building the same kind of control plane for agents that Kubernetes built for containers. Sub-200ms Firecracker boots make per-task isolation actually practical rather than a latency tax.