
gVisor

Google's application kernel for container sandboxing and security

Open Source

gVisor is Google's open-source container runtime sandbox that provides an additional layer of isolation between containerized applications and the host kernel. It implements a user-space application kernel that intercepts system calls, preventing container escapes and limiting the attack surface. Used in Google Cloud Run, GKE Sandbox, and other Google Cloud services. Over 18,000 GitHub stars.

gVisor is a user-space kernel written in Go that sandboxes Linux containers by intercepting system calls without requiring virtualization or hardware extensions. Unlike traditional container runtimes, gVisor runs as an unprivileged process and mediates all guest kernel interactions, providing strong isolation boundaries at the cost of increased overhead. It integrates seamlessly with Docker and Kubernetes through the runsc runtime (OCI-compatible), making it a drop-in replacement for runc that strengthens security posture for untrusted or multi-tenant workloads.

The core innovation lies in gVisor's architecture: rather than trusting the host kernel to protect against container breakouts, gVisor acts as an intermediate kernel layer, translating container syscalls into safer host operations. This design removes entire classes of kernel vulnerabilities from the container's reach: a container that tries to exploit a Linux kernel bug is talking to the gVisor kernel, which can detect and block the attempt. Performance trade-offs exist (1.5-2x overhead is typical), but for security-critical applications the isolation guarantees justify the cost. Google Kubernetes Engine (GKE) Sandbox leverages gVisor to run AI agents and untrusted code safely alongside production workloads.

Organizations deploying multi-tenant SaaS platforms, research clusters accepting external code, or cloud providers isolating customer workloads rely on gVisor. It is particularly valuable for serverless platforms like Google Cloud Run where isolation between functions is mandatory. The project remains active and production-ready, with ongoing performance optimizations and support for advanced features like rootfs overlays and variable-length sequence handling.

Pricing

Free and open-source under Apache 2.0

Platforms

Linux, Docker, Kubernetes, OCI runtime

Related Tools


Agent Governance Toolkit

Microsoft’s public-preview runtime governance toolkit for policy, identity, sandboxing, audit, and MCP security around AI agents.

Agent Governance Toolkit is Microsoft’s MIT-licensed public-preview toolkit for governing AI agent runtimes. It adds policy enforcement, zero-trust identity, execution sandboxing, audit, reliability, and MCP security-gateway patterns around tool calls and autonomous actions, helping platform teams move beyond prompt-only guardrails while preserving architecture review requirements.

Open Source, Telemetry

Baz

Telemetry-aware AI code reviewer that checks how pull requests may affect real services.

Baz is an AI code-review platform focused on production-aware pull requests. Instead of only reading the diff, Baz connects code changes to application telemetry so reviewers can understand what endpoints, services, and runtime behavior may be affected. That makes it a useful complement to existing AI PR bots when the question is not just whether a change looks correct, but whether it could break a live system.

Freemium, Telemetry

Rampart

Microsoft’s pytest-native red teaming framework for turning AI agent safety findings into CI tests.

RAMPART is an open-source Microsoft framework for safety and security testing of agentic AI applications. It brings red-team findings into a pytest-native workflow so teams can turn prompt injection, unsafe tool use, and behavioral boundary failures into repeatable regression tests. Its strongest angle is developer workflow: RAMPART makes agent safety part of CI/CD instead of a one-off security review.

Open Source

Statewright

State-machine guardrails for controlling which tools AI coding agents can use at each phase.

Statewright is a guardrail layer for AI coding agents that uses explicit state machines to control what an agent can do at each stage of a workflow. Instead of relying only on prompt instructions, teams can model phases such as plan, implement, test, and review, then constrain tool access for clients like Claude Code, Codex, Cursor, opencode, and related MCP workflows.

Open Source

Magika

AI-powered file-type detection at Google scale

Open-source AI-powered file-type detection tool from Google that uses a custom deep-learning model under a few megabytes to identify more than 200 binary and textual content types in milliseconds, even on a single CPU. Magika ships as a CLI, Python package, JavaScript/TypeScript library, and an ONNX model, achieves around 99% accuracy on its test set, and is already used at Google scale across Gmail, Drive, and Safe Browsing as well as by VirusTotal and abuse.ch.

Free, Open Source

Trent AI

Agentic AI security posture management

Trent AI is a specialized security platform for agentic AI applications that provides AI Security Posture Management, with coverage that compounds with every development cycle. It scans, judges, mitigates, and evaluates AI agent security, detecting threats that traditional tools miss, including prompt injection attacks, tool misuse, unintended autonomous actions, data exfiltration through agent chains, and privilege escalation. It offers continuous assessment with remediation plan execution through Claude Code.

Paid