224 points azhenley | 5 comments
1. singron No.45076773
This article is so devoid of specifics, I'm not entirely sure I know what they are proposing. A VM implies an instruction set of some kind with control flow, registers, etc., but they spend the whole article on authorization, which seems orthogonal to the concept. I think what they really mean is a sandbox, jail, or container where a "syscall" equivalent lets the model interact with the outside world.
replies(3): >>45076798 >>45076902 >>45083481
2. YetAnotherNick No.45076798
Yes, by their definition the current AI agents are running in a VM already. E.g. an MCP host could prompt the user for executing something, and we can also have rules like in Claude Code to automatically allow some pattern of command.
3. Animats No.45076902
> This article is so devoid of specifics, I'm not entirely sure I know what they are proposing.

Yes. Are they proposing a virtual machine execution engine? Docker for LLMs? Or what? This looks like some kind of packaging thing.

Badly designed packaging systems are a curse. Look at how many Python has gone through.

replies(1): >>45076916
4. kookamamie No.45076916
"Like dude, a JVM for AIs!" - it reads like that.
5. user3939382 No.45083481
I read VM and immediately took it to be very adjacent to sandboxing. The article says “isolation”. To me there was neither ambiguity nor a lack of detail.

The problem is the author’s point is obvious and solution imperfect. Okay, you’re in a sandbox at the OS or let’s even say hardware level. Whoops, the agent found AWS CLI with IAM not set up right. The remote boundaries are at least as complex though not unique to automated agents. I don’t see any new insights. The terminology was not the issue.