SmolVM
SmolVM is a lightning-fast, secure microVM runtime designed for high-density isolation. It provides AI agents and tools with a safe, hardware-virtualized environment to execute untrusted code without risking the host system.Why SmolVM?
AI agents often need to execute arbitrary code (Python, JS, shell scripts) generated by LLMs. Running this code directly on your host or in standard containers can be risky.MicroVM-based security
Unlike containers that share the host kernel, SmolVM uses KVM-backed microVMs for significantly smaller attack surface and stronger hardware-level isolation.
Agent-first design
SmolVM abstracts away the complexity of microVM networking, storage, and TAP devices into a simple, pythonic API.
Key features
Secure isolation
Hardware-level virtualization utilizing Firecracker for strong sandbox boundaries
Blazing fast
MicroVMs boot in sub-second time with minimal overhead
Python native
Clean, high-level SDK for managing VM lifecycles and command execution
Automatic networking
Built-in NAT, port forwarding, and SSH tunneling
Custom images
Build specialized Debian-based rootfs images with your own tools
Auto-cleanup
Integrated resource management to keep your host system clean
Performance
SmolVM is optimized for low-latency agent workflows. Latest lifecycle timings (p50) on a standard Linux host:| Phase | Time |
|---|---|
| Create + Start | ~572ms |
| SSH ready | ~2.1s |
| Command execution | ~43ms |
| Stop + Delete | ~751ms |
| Full lifecycle (boot → run → teardown) | ~3.5s |
Measured on AMD Ryzen 7 7800X3D (8C/16T), Ubuntu Linux, KVM/Firecracker backend.
Next steps
Installation
Install SmolVM on Linux or macOS
Quickstart
Get your first VM running in minutes