Hyperlight, which has been submitted to CNCF, adds a new layer of security to WebAssembly workloads. By leveraging hardware-assisted virtualization via KVM or Hyper-V, Hyperlight creates ultra-lightweight microVMs that could be embedded into your application to run purpose-built guest binaries.

In this talk, we explore how integrating Hyperlight with the Envoy proxy enhances security for WebAssembly filters, adding an extra layer of isolation where needed to protect shared infrastructure.

We will compare use cases for Hyperlight to those of other virtual machine monitors, demonstrate the implementation of an Envoy network filter using Hyperlight, and discuss performance benchmarks. You will leave ready to utilize Hyperlight to build robust and scalable production solutions with a solid defense-in-depth strategy.