Container isolation, syscall surface, and the AI-agent code-execution attack surface.https://zviz.skelfresearch.com/en-ushttps://zviz.skelfresearch.com/blog/ai-agent-code-execution-attack-surface/https://zviz.skelfresearch.com/blog/ai-agent-code-execution-attack-surface/An agent runtime executes code that didn't exist twenty seconds ago, generated by a model that may have been prompt-injected by content it scraped twenty minutes ago. The threat model is unusual. Container security people should pay attention.Tue, 02 Jun 2026 00:00:00 GMThttps://zviz.skelfresearch.com/blog/isolation-models-ranked/https://zviz.skelfresearch.com/blog/isolation-models-ranked/Process, namespace, syscall-filter, userspace-kernel, MicroVM, hardware. Five layers, five honest trade-offs, one ranking that doesn't pretend a chroot is a sandbox.Tue, 26 May 2026 00:00:00 GMThttps://zviz.skelfresearch.com/blog/namespaces-arent-enough/https://zviz.skelfresearch.com/blog/namespaces-arent-enough/Namespaces are a packaging primitive. A user/pid/mount namespace contains nothing on its own. The escape budget is the syscall surface — and on a stock kernel, that's roughly 350 system calls of attack area.Tue, 12 May 2026 00:00:00 GMT