[Threat Model] Why We Give AI Agents sudo in a MicroVM, Not a Container

The scariest two words in our product copy are "sudo access." An AI agent that can install packages, spin up a Postgres instance, and run whatever code it just wrote is the entire point of a builder s