Hyperlight: Virtual machine-based security for serverless functions at scale
by Ralph Squillace, Microsoft & Alessandro Pilotti, Cloudbase Solutions
14:00 – 14:30
Hyperlight is an open-source, Rust-based micro-virtual machine (micro-VM) manager designed to enable high-performance, hypervisor-protected execution of untrusted functions at scale. Traditional virtual machines provide strong isolation but incur high startup overhead, making them unsuitable for fine-grained functions-as-a-service (FaaS) and event-driven workloads. Hyperlight addresses this by creating micro-VMs with no guest operating system in as little as 1-2 milliseconds, offering both hardware-based security and low latency for function calls. It supports integration with hypervisors such as Microsoft’s Hyper-V and Linux KVM, enabling secure execution across platforms. Demonstrations at KubeCon showed micro-VM executions averaging ~0.0009 seconds in warm scenarios, suggesting the feasibility of micro-VMs for real-time cloud applications. Hyperlight is now part of the Cloud Native Computing Foundation (CNCF) sandbox, aiming to foster community collaboration for lightweight virtualization in serverless and edge computing scenarios. During this session, we will show demos of Hyperlight-based WASM/WASI workloads running on-prem, on Kubernetes and on Azure, using Azure Functions, and show how it can be used to reduce token usage and increase security in AI scenarios.