Key takeaways
- Docker-like CLI for running containers in VMs — pull, run, exec, logs with multi-hypervisor support (Cloud Hypervisor, Firecracker, QEMU, Apple Virtualization.framework)
- Built by Kernel, which raised $22M in Seed + Series A led by Accel (with YC, Vercel Ventures, SV Angel) for browser infrastructure for AI agents — Hypeman powers their browser isolation layer
- v0.1.0 (June 2026) added UFFD-paged fast restores, VM forking, health checks with restart policies, auto-standby, vGPU support, and always-on metrics — a clear shift toward production hardening
- Still early but accelerating (Go, MIT license) — 164 GitHub stars as of June 2026, daily commits, from the same team behind kernel-images (931 stars, browsers-as-a-service)
FAQ
What is Hypeman?
Hypeman is an open-source tool that runs containerized workloads inside VMs with a Docker-like CLI. It supports multiple hypervisors including Cloud Hypervisor, Firecracker, QEMU (Linux/KVM), and Apple Virtualization.framework (macOS/Apple Silicon).
Who built Hypeman?
Kernel (kernel.sh), a YC-backed company that raised $22M in Seed and Series A funding led by Accel. Founded by Catherine and Raf — Raf was co-founder/CTO of Clever (YC S12, $500M exit). Kernel builds browser infrastructure for AI agents.
How do you install Hypeman?
One-liner install: curl -fsSL https://get.hypeman.sh | bash. Then use Docker-like commands — hypeman pull, hypeman run, hypeman ps, hypeman exec, hypeman logs.
How does Hypeman compare to Firecracker or Kata Containers?
Firecracker is a low-level microVM VMM — you build your own orchestration. Kata Containers is Kubernetes-native. Hypeman gives you Docker-like UX on top of multiple hypervisors including Firecracker. It is higher-level and easier to get started with.
Executive Summary
Hypeman is an open-source tool from Kernel that runs containerized workloads inside VMs with a Docker-like developer experience. Instead of choosing between container convenience and VM-level isolation, Hypeman gives you both — pull a container image, run it in a VM, and manage it with familiar commands like hypeman run, hypeman exec, and hypeman logs.
Built by Kernel, which raised $22M in Seed and Series A funding led by Accel (with Y Combinator, Cintrifuse Capital, Vercel Ventures, and SV Angel participating) for browser infrastructure for AI agents, Hypeman is the engine that powers their browser isolation layer — each browser session runs in its own isolated VM.
Status (June 2026): actively developed. The repo shows daily commits (last push June 10, 2026), and v0.1.0 — the first minor release — shipped June 5, 2026 with production-hardening features.
| Attribute | Value |
|---|---|
| Company | Kernel (kernel.sh) |
| Founded | Oct 2025 (repo); Kernel est. earlier |
| Funding | $22M Seed + Series A, led by Accel |
| Founders | Catherine and Raf (ex-CTO of Clever, YC S12) |
| Headquarters | San Francisco |
| GitHub | 164 stars, 12 forks, Go, MIT license (as of June 2026) |
| Latest release | v0.1.0 (June 5, 2026) |
Product Overview
Hypeman abstracts away hypervisor complexity behind a Docker-like CLI. You pull OCI container images, run them in VMs, and interact with them using commands any Docker user already knows. Under the hood, it supports four hypervisors:
- Cloud Hypervisor — modern Rust VMM for cloud workloads
- Firecracker — AWS's microVM monitor (powers Lambda/Fargate)
- QEMU — the venerable general-purpose emulator (Linux/KVM)
- Apple Virtualization.framework — native macOS/Apple Silicon virtualization
Key Capabilities
| Capability | Description |
|---|---|
| Docker-like CLI | pull, run, ps, exec, logs — familiar commands |
| Multi-hypervisor | Cloud Hypervisor, Firecracker, QEMU, Apple Virtualization.framework |
| Standby/Restore | Snapshot VMs to disk and restore them instantly |
| Ingress | Built-in TLS termination and subdomain routing |
| OCI Images | Pull and run standard container images (auto-pull on create, OCI cache GC) |
| macOS Support | Native Apple Silicon via Virtualization.framework |
| VM Forking | Fork a running VM into copies, with UFFD-paged fast restores (v0.1.0) |
| Lifecycle | Health checks, restart policies, auto-standby, scheduled snapshots (v0.1.0) |
| Observability | Always-on metrics, per-phase timings, lifecycle/hypervisor tracing (v0.1.0) |
| vGPU | vGPU passthrough support (v0.0.5) |
Installation
curl -fsSL https://get.hypeman.sh | bash
Basic Usage
hypeman pull ubuntu:latest
hypeman run ubuntu:latest
hypeman ps
hypeman exec <vm-id> -- bash
hypeman logs <vm-id>
Technical Architecture
Hypeman is written in Go and licensed under MIT. The architecture sits between the user and the hypervisor — translating Docker-like commands into hypervisor-specific API calls. The multi-hypervisor abstraction means you can switch backends without changing your workflow.
Key Technical Details
| Aspect | Detail |
|---|---|
| Language | Go |
| License | MIT |
| Hypervisors | Cloud Hypervisor, Firecracker, QEMU, Apple Virtualization.framework |
| Images | OCI container images |
| Networking | Built-in ingress, TLS termination, subdomain routing, optional egress MITM proxy |
| State | Standby/restore (snapshot to disk), VM forking, diff-snapshot reuse |
Release History
| Release | Date | Highlights |
|---|---|---|
| v0.1.0 | Jun 5, 2026 | UFFD fast restores, health checks/restart policies, auto-standby, always-on metrics, egress MITM proxy, Cloud Hypervisor v51.1, scoped API keys |
| v0.0.7 | Mar 3, 2026 | Firecracker hypervisor support, VM forking, macOS standby/restore/fork |
| v0.0.6 | Feb 17, 2026 | macOS support via Apple Virtualization.framework, erofs rootfs with LZ4 |
| v0.0.5 | Jan 16, 2026 | vGPU support, build-from-source script |
| v0.0.1–0.0.4 | Dec 2025–Jan 2026 | Initial public releases |
Related Repositories
| Repo | Stars | Description |
|---|---|---|
| kernel-images | 931 | Browsers-as-a-service container images |
| hypeman-cli | — | CLI interface |
| hypeman-go | — | Go SDK |
| kernel-node-sdk | — | Node.js SDK |
| kernel-python-sdk | — | Python SDK |
Notable Contributors
sjmiller609, hiroTamada, rgarcia, juecd, tnsardesai
Market Context
Hypeman enters the growing container-to-VM runtime space alongside tools like Firecracker, Kata Containers, and gVisor. What differentiates it is the developer experience — while Firecracker gives you a low-level VMM API and Kata Containers integrates with Kubernetes, Hypeman gives you docker run but with VM isolation.
The timing is right. AI agent sandboxing is driving demand for VM-level isolation with container-level convenience. Running untrusted LLM-generated code in shared-kernel containers is a security nightmare — VMs provide the hard boundary that containers cannot.
Kernel uses Hypeman internally to power their browser isolation infrastructure, where each AI agent's browser session runs in a dedicated VM. This dogfooding gives them real-world production feedback that most open-source VM tools lack.
Competitive Position
Strengths:
- Docker-like UX lowers the barrier to VM adoption dramatically
- Multi-hypervisor support — not locked into one VMM
- Backed by well-funded team with production use case
- macOS/Apple Silicon support (rare in this space)
- Standby/restore for fast cold starts
Weaknesses:
- Still early (164 stars, 12 forks as of June 2026 — small community)
- Minimal external traction: the Show HN post drew only 3 points and zero comments, and contributors are overwhelmingly Kernel employees
- Go in a Rust-dominated VMM ecosystem
- Kernel's primary business is browser infrastructure, not Hypeman itself
- Limited documentation compared to mature alternatives
Founding Team
Kernel was founded by Catherine and Raf. Raf was previously co-founder and CTO of Clever (YC S12), which exited for ~$500M. That enterprise infrastructure pedigree shows in Hypeman's production-oriented features like ingress, TLS, and snapshot/restore.
Bottom Line
Hypeman is the most developer-friendly entry in the container-to-VM space, and the v0.1.0 release (June 2026) shows it maturing fast — fast forks, health checks, and real observability in under nine months of public development. The risk is concentration: nearly all development comes from Kernel's own team, and community adoption (164 stars, 12 forks) has not yet caught up with the engineering pace.
Recommended for: teams sandboxing AI agent workloads who want VM isolation without building Firecracker orchestration themselves; macOS/Apple Silicon developers (rare native support); snapshot-heavy workloads that benefit from VM forking and fast restores.
Not recommended for: Kubernetes-native deployments (use Kata Containers); teams that need a large community and battle-tested ecosystem (use Firecracker or gVisor directly); anyone needing long-term-support guarantees from a vendor whose core business is browser infrastructure, not the runtime.
Outlook: Kernel's $22M raise and internal dogfooding make abandonment unlikely near-term. Watch whether external contributors and stars grow post-v0.1.0 — if adoption stays Kernel-internal, Hypeman remains a well-built single-vendor tool rather than an ecosystem.
See Also
- Container-to-VM Runtimes Compared — how Hypeman fits in the broader landscape
- AI Agent Sandboxes Compared — sandbox platforms for AI agent code execution
Research by Ry Walker Research