The Manifesto
The Unikernel Thesis
AI agents are not traditional web servers. A unikernel is a specialized, single-purpose machine image that combines an application and its required OS libraries into one artifact, eliminating the kernel-space/user-space divide entirely. Research shows that AI agents are bursty, compute-intensive, and idle over 80% of the time, yet the industry defaults to running agents on Linux, a general-purpose operating system designed in the 1990s that brings millions of lines of unnecessary kernel code to every deployment.
Linux brings over 27 million lines of code, heavy context-switching overhead, and a massive attack surface to a workload that needs a single process. Containers, such as those run by Docker or Podman, do not solve the isolation problem. They merely hide the host OS while still sharing the host kernel, leaving agents exposed to cross-tenant vulnerabilities.
We believe the future of agentic infrastructure lies in unikernels. By compiling the application code directly with the necessary OS libraries into a single, specialized machine image, we eliminate the kernel-space/user-space divide entirely.
The result is a unikernel runtime — for example, a Unikernel or MirageOS image — that boots in under 50 milliseconds on a Firecracker micro-VM, consumes 5–10 megabytes instead of gigabytes, and presents a virtually impenetrable security profile with no shell, no SSH daemon, and no unused kernel modules to exploit.
To scale AI agents economically and securely, we must shed the legacy of the general-purpose OS. We are building the runtime for the agentic future.