the underlying vmm is libkrun: https://github.com/libkrun/libkrun is battle tested and used for podman.

It provides kernel isolation for running untrusted code which is a security boundary that traditional containers can't guarantee.

I'm engaged with a third party security penetration company for their review, and will be happy to share it publicly when it is available.

thank you. definitely enjoying smol. this is a very nice alternative to docker, orbstack even firecracker