# microsandbox Blog

Updates, engineering deep dives, and news from the microsandbox team.

Canonical: https://microsandbox.dev/blog
RSS: https://microsandbox.dev/blog/rss.xml

## Posts

### [Sandboxes that lie about their secrets](https://microsandbox.dev/blog/sandboxes-that-lie-about-their-secrets)

Agent sandboxes need a secret-aware network boundary that keeps real credentials host-side and decides per request.

Published: 2026-06-01
Category: Engineering
Tags: microsandbox, secrets, sandboxing, agents, security
Markdown: https://microsandbox.dev/blog/sandboxes-that-lie-about-their-secrets/markdown

### [We made our filesystem 47× faster by deleting it](https://microsandbox.dev/blog/oci-filesystem-47x-faster)

We replaced our user-space filesystem with a real disk image that the VM mounts directly. Here's how we got there, and what fell out along the way.

Published: 2026-05-19
Category: Engineering
Tags: microsandbox, erofs, fuse, performance, microvms
Markdown: https://microsandbox.dev/blog/oci-filesystem-47x-faster/markdown

### [Bring your own init: PID 1 handoff](https://microsandbox.dev/blog/bring-your-own-init)

microsandbox needs its own init to boot the guest. Linux services often need systemd in that same PID 1 slot. Handoff is how we make both true.

Published: 2026-05-08
Category: Engineering
Tags: microsandbox, systemd, init, microvms
Markdown: https://microsandbox.dev/blog/bring-your-own-init/markdown

### [Why your AI agent needs its own machine](https://microsandbox.dev/blog/your-agent-its-machine)

Prompt injection has no clean fix at the model layer, and containers were never designed to isolate workloads from themselves. The case for running every agent inside its own microVM.

Published: 2026-04-14
Category: Announcements
Markdown: https://microsandbox.dev/blog/your-agent-its-machine/markdown