What is Firecracker microVM (Securie's sandbox)?

Updated Apr 24, 2026

AWS-developed lightweight VMM (Virtual Machine Monitor) for ephemeral, isolated VMs. Securie uses Firecracker microVMs for prove-don't-flag exploit reproduction.

Full explanation

Firecracker boots a VM in ~125ms with hardware isolation (Intel VT-x / AMD SVM). Securie's sandbox-v0 crate uses Firecracker to spawn ephemeral VMs per-finding, replay the suspected exploit, and confirm reproducibility before filing. No reproduction = no finding.

Example

Securie's AuthAuthz specialist suspects BOLA on /api/orders/[id]. Sandbox-v0 spawns a Firecracker VM, seeds two test users + sample orders, attempts cross-tenant read. If it succeeds, finding is filed with the exploit log attached.

FAQ

Why microVM vs container?

Hardware isolation. The exploit's blast radius is bounded to the VM; no host kernel attack surface.