Fly.io puts AI agents in VMs, not containers

Hosting company Fly.io introduces Sprites, lightweight virtual machines based on Firecracker. These are specially designed to isolate coding agents in their own environment.

CEO Kurt Mackey explains that traditional “ephemeral sandboxes” (read: containers) are not suitable for agents like Claude. Persistent VMs allow agents to resume work on pull requests without having to rebuild the development environment each time. According to Mackey, a Sprite comes online within one to twelve seconds. When inactive, they shut down but retain permanent storage.

Claude is not a “pro developer,” Mackey says. Instead, it is a “hyperproductive five-year-old savant.” In other words, it tries everything, including what works, but “wants to stick its finger in every available socket.” To protect against this (and the end user’s development environment), an agent is given a “computer,” or a VM.

Billing is based on CPU time, memory usage, and storage consumed. Sprites also offer checkpoint and restore functionality, allowing users to quickly roll back a damaged environment.

New design for security

Sprites differ from Fly.io’s standard VMs in that they have a completely redesigned storage architecture and different orchestration. Unlike standard Fly VMs, Sprites are not based on Docker images. Mackey acknowledged on Hacker News that the standard flyctl interface is complex. The Sprite CLI should remedy these issues.

Although Sprites can handle different workloads, Fly.io focuses specifically on agentic coding. The company installs Claude as a standard option. AI coding introduces vulnerabilities such as prompt injection and hallucination, which makes execution on a developer’s local machine risky. Research shows that by June 2025, AI-generated code introduced more than 10,000 new security issues per month at large organizations. DevClass highlights a painful example of the danger posed by AI-driven coding assistance. A Google Antigravity user lost their entire D drive because the AI tool “accidentally” deleted it.

Growing security concerns

Even within isolated environments, agents remain vulnerable, often due to API access to systems such as GitHub. Fly.io developer Thomas Ptacek announced that the company will soon release an open-source version for local execution. This should offer developers who prefer local environments over cloud providers a safer option than Docker containers or current local tools.

Top story

JFrog brings order back to a software supply chain under AI pressure

Generative AI and AI agents are rapidly changing the way software is developed. Tools such as Cursor, Claude ...

Berry Zwets December 12, 2025

Expert Talks

Tech calendar

Fly.io puts AI agents in VMs, not containers

New design for security

Growing security concerns

Stay tuned, subscribe!

EU calls on open source to break away from US firms

From vulnerability whack-a-mole to strategic risk operations

SAP's AI workforce strategy: upskilling 100,000 employees

Workday Rising EMEA: platform transformation: Pipedream, AI agents and sovereignty

How Capgemini transformed HR for 400,000 employees globally

Why Salesforce built three levels of AI commerce agents

AI audit trails: the next step toward responsible AI for businesses

6 predictions for the AI economy: 2026’s new rules of cybersecurity

Cybersecurity in 2026 demands managing human behavior and agentic AI

Digital sovereignty: from buzzword to business imperative

Appdevcon

Webdevcon

Dutch PHP Conference

De IT Afdeling van de toekomst

GITEX ASIA 2026

SAS Innovate 2026

Experience Synology’s latest enterprise backup solution

How to choose the right Enterprise Linux platform?

Enhance your data protection strategy for 2025

Strengthen your cybersecurity with DNS best practices