# Kata Containers Kata Containers is an open-source (OpenInfra Foundation) runtime that runs each container inside its own lightweight VM, so workloads look and behave like ordinary containers while getting hardware-level isolation. It is OCI-compatible, so it plugs into Docker and Kubernetes as a drop-in runtime, backed by a [[microVM]] on KVM. ## Where it fits Kata gives you the container developer experience with a VM security boundary, which is why it shows up as a hardened backend under agent sandboxes like [[OpenSandbox]], next to [[gVisor]] and [[Firecracker]]. Versus gVisor it uses a real guest kernel (full compatibility, slightly heavier); versus plain containers it adds the VM boundary that shared-kernel isolation lacks. ## Related - [[microVM]] - [[gVisor]] - [[Firecracker]] - [[OpenSandbox]] - [[Containerization]] - [[Docker Sandboxes]] - [[AI Agents]]