Engineering @ Cosmonic

Bailey Hayes, Eric Gregory | 8 min read

Last month the Bytecode Alliance published security advisories for Wasmtime: the largest set of advisories the project has ever published at once, triple the total number issued in all of 2025. The accompanying patch releases (Wasmtime versions 43.0.1, 42.0.2, 36.0.7, and 24.0.7) address 12 vulnerabilities surfaced with the help of a frontier AI model.

Wasmtime is one of the most rigorously engineered runtimes in open source: written in Rust, continuously fuzz-tested, backed by multiple organizations who treat it as security-critical infrastructure. What this release demonstrates is that surfacing vulnerabilities in even the most hardened codebases is no longer the hard part. Finding them quickly and at scale is now within reach of any well-resourced team with access to a capable model.

The hard part is what happens next. Teams have to review each finding, triage severity and blast radius, and patch across active versions, while coordinating disclosure with production embedders before vulnerabilities become public. That work still requires deep expertise, sustained investment, and the kind of trust that only comes from years of doing it right. It shouldn't come as a surprise that, according to a technical blog from Anthropic Red Team, over 99% of vulnerabilities uncovered through similar research have not yet been patched.

At Cosmonic, we're privileged to be part of the Bytecode Alliance, and proud to be part of a community with the commitment to swift releases and advisories like the ones we saw in April.

Wasmtime, AI, and the New Security Frontier
Bailey Hayes | 15 min read

When people talk about AI sandboxes today, they usually mean:

  • seccomp, seatbelt, or bubblewrap
  • containers built from namespace mappings, cgroups, and allowlists
  • hand-tuned profiles bolted onto the existing OS
  • some assemblage of the above

These are all useful tools. But none of them were built for agentic AI security, and every single one of them inherits the same original sin: ambient authority.

Sandboxing AIOps and Agentic AI Security
Eric Gregory | 2 min read

We're heading to Amsterdam for KubeCon + CloudNativeCon EU 2026, and we'd love to see you there!

From March 24-26, you can find us on the KubeCon floor demoing Cosmonic Control, our Kubernetes-native control plane for running WebAssembly workloads in secure, sandboxed environments. Whether you're exploring Wasm for the first time or looking for a production-grade platform for microservices, AI agents, and other sensitive workloads, stop by and see what Control can do.

Cosmonic at KubeCon + CloudNativeCon EU 2026
Eric Gregory | 5 min read

We're heading to Atlanta for KubeCon + CloudNativeCon NA 2025, and we'd love to see you there!

On November 10-13, you can find us sponsoring Cloud Native AI Day and talking SandboxMCP, exploring new developments in Wasm at WasmCon, and sharing the latest from Cosmonic Control and wasmCloud on the KubeCon floor.

Plus, the Cosmonic crew will be presenting throughout the show, talking service meshes, Wasm instrumentation, WASI WebGPU, GitOps with Wasm workloads, and more.

Cosmonic at KubeCon + CloudNativeCon NA 2025
Bailey Hayes | 7 min read

Servers using the Model Context Protocol (MCP) from Anthropic have become the industry standard approach for extending the capabilities of Large Language Models (LLMs) and creating agentic workflows. WebAssembly (Wasm) components are quickly emerging as the ideal unit of deployment, providing a secure-by-default sandbox for MCP servers.

In this blog, we'll explain how you can use the open source Wasm Shell (wash) CLI and OpenAPI2MCP to quickly and easily develop MCP servers that enable models to use APIs defined in the OpenAPI specification—and then compile those MCP servers to Wasm component binaries that can be deployed to Kubernetes with Cosmonic Control.

Generate Sandboxed MCP Servers with OpenAPI2MCP
Bailey Hayes | 7 min read

As organizations race to implement AI agents, many are building Model Context Protocol (MCP) servers to mediate between Large Language Models (LLMs) and external tools and resources. Among the most crucial challenges in deploying MCP servers is security: the non-deterministic input and output of LLMs create agentic-specific risks such as LLM prompt injection, data exfiltration, execution environment risks, and more.

WebAssembly (Wasm) components provide new real-time security controls to address the MCP security problem. Wasm component binaries are portable, polyglot sandboxes that interact with the outside world via explicitly enabled, language-agnostic interfaces. When MCP servers are compiled to Wasm, they can be deployed with the confidence that agents can only interact with approved tools and resources in approved ways.

In this blog, we'll examine patterns for remote-hosting sandboxed MCP servers, explain how Wasm helps to mitigate security risks associated with AI agent integration, and demonstrate how to deploy a sandboxed MCP server with Wasm using Kubernetes and Cosmonic Control.

Sandboxed MCP Servers with Wasm & Cosmonic
Eric Gregory | 10 min read

Recently, we launched the Cosmonic Control Technical Preview, giving platform engineering teams the chance to try our enterprise control plane for managing WebAssembly (Wasm) workloads in cloud-native environments.

Cosmonic Control integrates seamlessly with existing cloud native standards, technologies, and estates, so you can deploy and manage Wasm workloads with industry-standard patterns and tooling, such as GitOps with Argo CD.

In this blog, we'll take a look at how Cosmonic Control integrates with Argo CD, enabling platform engineering teams to manage ultra-dense sandboxed platforms with Wasm using their existing GitOps approach. Then we'll walk through deploying Cosmonic Control and a Wasm component with Argo CD.

Cosmonic Control: Wasm in Your GitOps Flow
Liam Randall | 4 min read

Cosmonic is proud to announce the launch of our Cosmonic Control Technical Preview for platform engineering teams.

Cosmonic Control is the enterprise control plane for managing ultra-dense sandboxed platforms with WebAssembly (Wasm). Building on the Incubating CNCF project wasmCloud, Cosmonic Control gives platform engineering teams a single interface and unified control plane to…

Announcing the Cosmonic Control Technical Preview
Bailey Hayes | 5 min read

Today, we’re launching the Technical Preview for Cosmonic Control, an enterprise control plane for managing WebAssembly (Wasm) workloads in cloud native environments.

Cosmonic Control is built on the open source foundations of wasmCloud, an Incubating project at the Cloud Native Computing Foundation (CNCF) that originated with the founders of Cosmonic.

Since we’re launching an enterprise product built on open source, now seems like a good time to lay down some of our guiding principles and commitments.

Cosmonic's Approach to Open Source