HeadlinesBriefing.com

Zeroboot Accelerates AI Agent Deployment with Sub-Millisecond VM Sandboxes

Hacker News

GitHub's sub-millisecond VM sandboxes for AI agents use copy-on-write forking to eliminate traditional VM boot times. Instead of launching a fresh VM per execution, Firecracker boots a pre-configured Python/NumPy environment once, snapshots its state, and forks new KVM VMs by mapping the snapshot memory MAP_PRIVATE. Each sandbox inherits the parent's memory contents but runs behind hardware-enforced isolation, with its own guest kernel and page tables, giving 0.8ms startup latency.

The innovation centers on the efficiency of copy-on-write forking. A single Firecracker instance creates a template VM with the runtime dependencies loaded, then forks new instances in under 0.8ms by mapping the snapshot memory as private copies. Unlike container-based approaches, each sandbox runs a full KVM virtual machine with its own address space. Benchmarks show 8ms for Python code execution versus 1000ms+ in traditional setups, with memory per sandbox averaging 265KB.
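The mechanism the two paragraphs above describe, reduced to its host-memory half: this is an added example, not Zeroboot's or Firecracker's code. A temporary file filled with a constructed byte pattern stands in for the template VM's memory snapshot, and each MAP_PRIVATE mapping of it stands in for one forked sandbox. Writing into one mapping must leave the other mapping and the snapshot file untouched; the same experiment with MAP_SHARED shows the leak that the private mapping prevents. The temp path, the 'A'/'Z' marker bytes and the function names are all constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define SNAP_SIZE 4096  /* one page: copy-on-write duplicates memory at page granularity */

/* Constructed "snapshot": a single page filled with 'A', standing in for the
 * template VM's memory image. Returns an open descriptor, or -1 on failure. */
static int make_snapshot(void) {
    char path[] = "/tmp/cow-demo-XXXXXX";  /* constructed temp path, not Zeroboot's */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);  /* the descriptor is the only handle left; the name is gone */
    unsigned char page[SNAP_SIZE];
    memset(page, 'A', SNAP_SIZE);
    if (write(fd, page, SNAP_SIZE) != (ssize_t)SNAP_SIZE) { close(fd); return -1; }
    return fd;
}

/* "Fork" two sandboxes by mapping the snapshot twice with the given flags,
 * write 'Z' into sandbox A's first byte, then report what sandbox B and the
 * snapshot file hold at that offset. Returns 0 on success, -1 on error. */
static int fork_two_and_write(int flags, unsigned char *seen_by_b, unsigned char *on_disk) {
    int fd = make_snapshot();
    if (fd < 0) return -1;
    unsigned char *a = mmap(NULL, SNAP_SIZE, PROT_READ | PROT_WRITE, flags, fd, 0);
    unsigned char *b = mmap(NULL, SNAP_SIZE, PROT_READ | PROT_WRITE, flags, fd, 0);
    if (a == MAP_FAILED || b == MAP_FAILED) {
        if (a != MAP_FAILED) munmap(a, SNAP_SIZE);
        if (b != MAP_FAILED) munmap(b, SNAP_SIZE);
        close(fd);
        return -1;
    }

    /* Under MAP_PRIVATE this store faults and the kernel gives sandbox A its
     * own copy of the page; until then both mappings share the page cache. */
    a[0] = 'Z';

    *seen_by_b = b[0];
    int rc = (pread(fd, on_disk, 1, 0) == 1) ? 0 : -1;

    munmap(a, SNAP_SIZE);
    munmap(b, SNAP_SIZE);
    close(fd);
    return rc;
}

/* MAP_PRIVATE, the setting the briefing describes: sandbox A's write is
 * invisible to sandbox B and never reaches the snapshot. Returns 1 if so. */
int private_mapping_isolates(void) {
    unsigned char b = 0, disk = 0;
    if (fork_two_and_write(MAP_PRIVATE, &b, &disk) != 0) return 0;
    return b == 'A' && disk == 'A';
}

/* MAP_SHARED, the wrong setting for a fork-from-snapshot design: every
 * mapping is a window onto the same pages, so the write shows up in sandbox
 * B and is written through to the snapshot. Returns 1 if that leak is seen. */
int shared_mapping_leaks(void) {
    unsigned char b = 0, disk = 0;
    if (fork_two_and_write(MAP_SHARED, &b, &disk) != 0) return 0;
    return b == 'Z' && disk == 'Z';
}

int main(void) {
    printf("MAP_PRIVATE isolates forks:   %s\n", private_mapping_isolates() ? "yes" : "NO");
    printf("MAP_SHARED leaks between forks: %s\n", shared_mapping_leaks() ? "yes" : "no");
    return 0;
}
```

Build with `cc -o cow-demo cow-demo.c` on Linux. The demonstration covers only the host-side memory semantics: a private mapping keeps each fork's writes to itself and leaves the snapshot pristine for the next fork, which is what makes the template reusable. The guest-kernel and page-table separation the briefing mentions comes from KVM, not from mmap, and is the part that turns per-fork private memory into a hardware-enforced boundary.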

Key technical challenges included resuming snapshotted VM state accurately. The system ships Rust-based SDKs for Python and Node.js, exposing APIs such as `sandbox.run("print(1 + 1)")` backed by hardware isolation. Stress tests show 815ms for 1000 concurrent forks, outperforming alternatives by orders of magnitude. The project emphasizes that while the core mechanics work, the prototype is not yet production-hardened.

Open-sourced under Apache-2.0, Zeroboot provides SDKs and deployment guides for developers. The project's GitHub repository includes benchmarks comparing it to E2B and Daytona, showing 50-100x improvements in spawn latency. For AI agents requiring frequent isolated executions, this represents a significant leap in cold-start performance, though security implications of shared memory mappings warrant further scrutiny.