When containers first came along, it wasn't always clear whether they were a good enough isolation boundary, especially to people used to VMs; Kata Containers promises stronger isolation with the performance and scalability of containers. The coming V4 is poised for trusted AI at scale and sovereign cloud.
Cloud providers already use Kata themselves: IBM and Ant Group (which runs Alipay) use it for multi-tenant isolation, running untrusted code in a CLI or CI/CD pipeline and, increasingly, as an AI agent sandbox - again, that's untrusted code running on their infrastructure.
Azure uses Kata for its new sandbox pods; Red Hat does the same with OpenShift sandbox containers, and you can burst to the cloud for scale. Add in improved GPU management in the (increasingly rustified) V4 and Confidential Containers, which now support TEEs on GPU for privacy and integrity at scale.
There *is* a little extra work to adopt Kata and more to move to confidential containers, but as trusted AI and sovereign cloud become more important priorities, Kata offers a way to do that without giving up Kubernetes: I talk to IBM, Red Hat and Ant about what it takes to run it in production.
With the upcoming v4 release, Kata is stepping up from an isolation boundary for untrusted code to a mainstream option for sovereign cloud compute or trusted AI at scale.