Run 100,000 agents. On one server. Under 5ms cold boot.
Hardware-level isolation. No shared kernel. No Linux CVE surface. Deploy on-prem, BYOC or dedicated hosts... you own the stack.
Cold boot per instance
Instances per server
Kernel footprint
Shared kernel CVE surface
Not a faster container. A different category
Every competitor in this space is built on Linux microVMs or containers — sharing a kernel, retrofitting isolation, fighting against generality. BareMetal OS is purpose-built.
| Platform | Cold Start | Isolation | On-Prem | Instances / Server | Kernel Footprint | Linux CVE Surface |
|---|---|---|---|---|---|---|
| BareMetal OS | <5ms | Exokernel (hardware) | ✓ Full stack | 100,000+ | ~16MB | None |
| Blaxel | 25ms (resume) | Proprietary | ✗ | — | Linux | Full |
| Daytona | 27–90ms | Docker / Kata (opt) | ✗ | Thousands | Linux | Full |
| E2B | ~150ms | Firecracker microVM | OSS (complex) | Thousands | Linux | Full |
| Modal | <1s | gVisor | ✗ | 20,000 | Linux | Full |
| Northflank | competitive | Kata + gVisor | BYOC (cloud only) | — | Linux | Full |
An exokernel passes hardware resources directly to applications — no general-purpose OS abstraction layer, no legacy subsystems, no shared kernel between workloads.
BareMetal OS is an exokernel: it multiplexes hardware resources without abstracting them. Applications get direct, protected access to CPU, memory, and network — with no OS-imposed indirection layer consuming cycles.
Every agent instance runs its own minimal kernel. There is no shared kernel state to escape, no CVE to exploit laterally. Isolation is architectural, not a policy applied after the fact.
Because the kernel is 16MB and purpose-built for this workload class, boot is a memory copy, not a full OS init sequence. An instance is live before Linux has finished initializing its network stack.
Deploy on your hardware. Bring your own cloud account. Or use dedicated hosts provisioned by Return Infinity. No managed cloud dependency. Your data does not leave your infrastructure.
For teams that have outgrown
managed sandboxes.
Every competitor in this space is built on Linux microVMs or containers — sharing a kernel, retrofitting isolation, fighting against generality. BareMetal OS is purpose-built.
The common requirement: your workloads carry data, models, or threat payloads that cannot travel to a third-party cloud. And you need more density than Linux microVMs can deliver.
Run compound simulation pipelines, molecular dynamics agents, and clinical trial optimization at hyperscaler density — on your hardware, inside your firewall, with full GxP audit trails.
"Run 100,000 molecular simulation agents per server — without handing your compound library to a cloud provider."
Autonomous red team agents executing live exploit payloads need stronger isolation than any container provides. BareMetal OS eliminates the shared kernel — and the escape path with it.
"Boot, exploit, destroy in under 5ms — with no kernel left behind for the next tenant."
The infrastructure backend your enterprise customers have been asking for. Offer a dedicated-host compute tier with hardware isolation that Modal, E2B, and Northflank structurally cannot provide.
"Let your enterprise customers say: our agents run on hardware we control, with a kernel no one else touches."
Quantitative research pipelines, compliance automation, and trading infrastructure — all with deterministic scheduling latency and full deployment sovereignty required by MiFID II and SEC audit rules.
"Quant agents on hardware you own, with scheduling jitter measured in microseconds, not milliseconds."
Run your first 100,000-agent workload
We're working with a select group of early infrastructure partners.
If you're building agent platforms, pharma compute pipelines, or security tooling at scale, let's talk.
We use cookies to improve user experience. Choose what cookie categories you allow us to use. You can read more about our Cookie Policy by clicking on Cookie Policy below.
These cookies enable strictly necessary cookies for security, language support and verification of identity. These cookies can’t be disabled.
These cookies collect data to remember choices users make to improve and give a better user experience. Disabling can cause some parts of the site to not work properly.
These cookies help us to understand how visitors interact with our website, help us measure and analyze traffic to improve our service.
These cookies help us to better deliver marketing content and customized ads.