InstaVM

Product Introduction

1. Definition: InstaVM is a production control plane and runtime platform for AI agents, built on Firecracker microVM technology. It provides hardware-isolated, observable, and controllable execution environments for untrusted AI-generated code.
2. Core Value Proposition: It exists to enable developers and organizations to run AI agents like production servers, with enterprise-grade security and operational control, eliminating the risks of container-based sandboxes while maintaining sub-200ms boot times for scalable, instant compute.

Main Features

1. Hardware-Isolated MicroVMs: Each AI agent execution occurs in a dedicated Firecracker microVM with its own kernel, filesystem, and network stack. This provides true hardware-level isolation, superior to container-based solutions, preventing cross-tenant leakage and containing malicious code.
2. Persistent Volumes & Snapshots: Stateful data is managed via named volumes that exist independently of VM lifecycles. Users can checkpoint a volume's state, clone it read-only for parallel workers, or mount it read-write to a single agent. The snapshot functionality allows forking any sandbox or rewinding any run, enabling complex workflows like pausing and resuming long-running agents.
3. Proxy-Based Secret Injection & Egress Control: API keys and credentials are injected via a secure proxy at request time, ensuring agents never have direct access. If compromised via prompt injection, secrets remain secure. Network egress is deny-by-default, with configurable allowlists for domains, CIDRs, and package managers, providing fine-grained outbound control.
4. SSH-Native Workflow & Public Shares: The entire platform is accessible via ssh instavm.dev, eliminating the need for local CLI installation. Users can create, connect, clone, and manage VMs directly from any shell. Any running service port can be instantly exposed via a public or private share URL, with support for custom domains for production deployments.
5. Computer Use (Desktop Workflows): Provides full Linux desktop environments within isolated VMs, complete with browser, terminal, and sudo access. This enables UI automation for agents, with capabilities for screenshots, recordings, and live human takeover via noVNC, supporting autonomous, human-in-the-loop, or hybrid workflows.

Problems Solved

1. Pain Point: The security risk of executing untrusted, AI-generated code in insufficiently isolated environments (e.g., containers or language-level sandboxes) which can lead to host system compromise, data leakage, and unauthorized network access.
2. Target Audience: AI/ML Engineers building agentic systems, DevOps/Security Engineers managing AI infrastructure, Product Teams integrating AI code interpreters or copilots, and Researchers conducting AI evaluations or reinforcement learning at scale.
3. Use Cases: Deploying secure AI code interpreters, running deep research agents with persistent memory, conducting large-scale AI evaluation bursts, enabling reinforcement learning environments, automating browser/desktop tasks (Computer Use), and hosting always-on MCP (Model Context Protocol) servers or agentic applications.

Unique Advantages

1. Differentiation: Unlike traditional cloud VMs (slow boot, expensive) or containers (shared kernel, weaker isolation), InstaVM combines the security of hardware virtualization with the speed and density of microVMs. It also surpasses pure sandbox libraries by offering a full managed platform with storage, networking, and observability built-in.
2. Key Innovation: The integration of Firecracker microVMs for sub-200ms cold boots creates a "serverless" experience for full virtual machines. Coupled with the ssh instavm.dev interface, it delivers a uniquely seamless and secure workflow for provisioning and controlling isolated agent environments directly from the terminal.

Frequently Asked Questions (FAQ)

1. How does InstaVM's isolation compare to Docker containers? InstaVM uses Firecracker microVMs, which provide hardware-level virtualization with a dedicated kernel for each sandbox. This offers stronger security boundaries than Docker containers, which share the host OS kernel, making InstaVM suitable for executing untrusted AI agent code.
2. What is the typical cold start time for a new VM on InstaVM? The 95th percentile (P95) cold start time for booting a fresh Linux microVM is under 200 milliseconds. This is significantly faster than traditional VMs and enables instant scaling for agent workloads without pre-warming.
3. How does pricing work for InstaVM? InstaVM offers a Free pay-as-you-go tier with $50 in starting credits and a Pro plan at $100/month base subscription plus usage. Both tiers include 10 GB of included volume storage, with additional allocated storage billed at $0.0002 per GB-hour.
4. Can I use InstaVM for local development before deploying to the cloud? Yes, via CodeRunner for Mac, which provides complete VM-level isolation locally without uploading files to the cloud. This allows for a cloud-compatible development workflow where you can prototype with local data and then deploy to InstaVM's cloud without code changes.
5. How are secrets managed to prevent prompt injection attacks? InstaVM uses proxy-based secret injection. Credentials like API keys are never passed directly to the agent code. Instead, they are injected via a secure proxy at the network request level, keeping them out of the agent's runtime environment and blast radius if the agent is compromised.