InfoQ Homepage Containers Content on InfoQ
-
AWS Launches Lambda MicroVMs for Isolated Agent and User Code Execution
AWS launched Lambda MicroVMs, a new serverless compute primitive that runs each user session or AI agent in its own Firecracker virtual machine with hardware-level isolation, snapshot-based rapid launch, and state preservation for up to eight hours. Reddit community analysis found the minimum setup costs $3.03/day, roughly 9x Fargate spot pricing.
-
AWS Graviton5 Reaches General Availability with 192 Cores and Formally Verified VM Isolation
AWS made Graviton5-powered EC2 M9g and M9gd instances generally available with 192 ARM cores, formally verified VM isolation via the Nitro Isolation Engine, and DDR5-8800 memory. ClickHouse reported 36% better performance with zero code changes. Meta committed tens of millions of cores. On-demand pricing is 9% above Graviton4, translating to roughly 15% better price-performance.
-
Athena Coalition Brings Coordinated Defence to Open Source Security
Cybersecurity firm Chainguard has announced the launch of Athena, an industry coalition to use artificial intelligence to find and fix vulnerabilities in widely-used open-source software before attackers can exploit them. The coalition focuses on libraries, containers and other components that underpin web browsers, data centres, smartphones and payment systems.
-
Building and Scaling a Platform with Project-as-a-Service
When a platform started with total developer autonomy, teams felt overwhelmed and ended up solving the same problems in completely different ways. The company shifted to enablement over support, working together with teams intensively, and helping teams feel confident and capable, turning the right way into being the easiest way.
-
Microsoft Announces Azure Linux 4.0, Its First General-Purpose Server Linux Distribution
Microsoft announced Azure Linux 4.0 and Azure Container Linux at Open Source Summit. Azure Linux 4.0 is a Fedora-based general-purpose server distribution for Azure VMs, the first time Microsoft has offered a supported Linux beyond container hosting. Azure Container Linux is an immutable container-optimized host built on Flatcar.
-
Google Announces GKE Agent Sandbox and Hypercluster at Next '26
Google announced GKE Agent Sandbox and hypercluster at Cloud Next '26. Agent Sandbox uses gVisor kernel isolation for secure agent code execution at 300 sandboxes per second, built as an open-source Kubernetes SIG Apps subproject. It is currently the only native agent sandbox among the three major hyperscalers. Hypercluster manages a million chips from a single control plane.
-
Kubescape 4.0 Brings Runtime Security and AI Agent Scanning to Kubernetes
Version 4.0 of the open source Kubernetes security platform Kubescape has been released, bringing runtime threat detection and a new set of AI-era security features. This is the first time the project has targeted the security of AI agents themselves, alongside its established scanning capabilities.
-
Netflix Uncovers Kernel-Level Bottlenecks While Scaling Containers on Modern CPUs
Engineers at Netflix have uncovered deep performance bottlenecks in container scaling that trace not to Kubernetes or containerd alone, but into the CPU architecture and Linux kernel itself.
-
BellSoft Survey Finds Container Security Practices Are Undermining Developers’ Own Goals
Container security incidents are becoming a routine reality for software teams, and the tools meant to protect them may be making the problem worse.
-
Chainguard Finds 98% of Container CVEs Lurking outside the Top 20 Images
The latest State of Trusted Open Source report from Chainguard gives details on current industry thinking about vulnerabilities in container images and the long tail of open-source dependencies. The report offers a data-driven view of production environments based on more than 1,800 container image projects and 10,100 vulnerability instances observed between September and November 2025.
-
Kubernetes 1.35 Released with In-Place Pod Resize and AI-Optimized Scheduling
The Cloud Native Computing Foundation (CNCF) announced the release of Kubernetes 1.35, named "Timbernetes", emphasizing its focus on mutability and the optimization of high-performance AI/ML workloads.
-
Docker Makes Hardened Images Free in Container Security Shift
Docker has made its catalogue of more than 1,000 hardened container images freely available under an open source licence. Docker Hardened Images were previously a commercial offering launched in May 2025, but are now accessible to all developers under an Apache 2.0 licence with no restrictions on use or distribution.
-
AWS Launches ECS Express Mode to Simplify Containerised Application Deployment
AWS has released Amazon ECS Express Mode, bringing a simplified process to deploying containerised web applications and APIs. Express Mode lets users deploy production-ready services in one shot, bypassing the usual detail required around ancillary requirements such as IAM roles, load-balancers and scaling.
-
BellSoft Unveils Hardened Java Images
BellSoft has launched Hardened Images for Java containers, claiming 95% fewer CVEs and 30% resource savings. Built on Alpaquita Linux, the 3-in-1 solution combines runtime optimisation, OS hardening, and CVE remediation. It offers a secure, flexible alternative to Chainguard and Distroless, available now in three tiers.
-
KubeCon NA 2025 - Robert Nishihara on Open Source AI Compute with Kubernetes, Ray, PyTorch, and vLLM
AI workloads are growing more complex in terms of compute and data, and technologies like Kubernetes and PyTorch can help build production-ready AI systems to support them. Robert Nishihara from Anyscale recently spoke at KubeCon + CloudNativeCon North America 2025 Conference about how an AI compute stack comprising Kubernetes, PyTorch, VLLM and Ray technologies can support these new AI workloads.