How Altrina Runs Mission-Critical AI Agents for Healthcare on Unikraft

May 21, 2026

Altrina is building what they call an operating system for regulated industries: an AI agent automation platform designed for healthcare, government, legal, and financial services. Unlike general-purpose agent builders, Altrina’s platform handles workflows where mistakes mean millions in liability: multi-stakeholder processes with multiple human-in-the-loop approval points, running deterministically whether it’s the first execution or the fifty-thousandth.

The team is focused on healthcare records retrieval, claims processing, and other high-stakes workflows where agents interact with browsers, file systems, and code execution environments simultaneously.

This is the story of how their sandbox infrastructure evolved from a patchwork of vendors to a unified microVM architecture on Unikraft.

The Problem

AI agents that operate in regulated industries aren’t simple API calls. Each agent session needs a full browser (for navigating EHR systems and portals), a file system (for downloading and manipulating records), and a code execution environment, all in one place, all fully isolated, and all running with zero tolerance for failure.

Altrina started, as many agent companies do, by stitching together specialized vendors:

  • A hosted browser provider for browser-based workflows
  • A separate file system module for document handling
  • A third-party code execution service for arbitrary computation

The problem with this setup was that it was hard to manage and introduced failure points and pretty significant latency. An agent downloading a file from a browser had to get it to the file environment; code that needed to run CDP (Chrome DevTools Protocol) commands on the browser required a round trip to yet another service. Every action crossed a network boundary.

“The code that needed to be executed generally was either running direct CDP commands on the browser or manipulating some file. The code execution on its own was useless unless we uploaded files to this third party sandbox, did whatever we needed to do, and brought it back. It got pretty messy.”

Mohammed Nasir, CEO & Co-Founder

Each network hop adds latency, and each vendor adds a point of failure. In healthcare, where an agent is, for example, retrieving patient records from an EHR, any crash, any dropped connection, any outage is unacceptable.

The Journey: From Multi-Vendor to Unified Sandbox

Altrina’s infrastructure evolution happened in stages, each one overcoming an issue:

Phase 1 - Separate everything: Browser from one provider, file system as a separate module, code execution from a third. The agent orchestrated across all three.

Phase 2 - Unified container: The team consolidated the browser, code execution, and file system into a single Docker container. One sandbox, one agent, everything co-located. This eliminated the network hops between vendors and gave them a working architecture.

Phase 3 - The Docker ceiling: Docker kind of got the job done, but each container took 15-60 seconds to boot. On a single server, they could run about 25–30 concurrent containers before stability degraded. For a team focused on customer-facing features rather than infrastructure, managing Docker at scale was pulling attention from the product.

Phase 4 - Unikraft microVMs: When Altrina discovered Unikraft, the migration was fast. They signed up, hit the base tier’s image size limit, reached out on a Thursday, and by the following week had a dedicated bare-metal machine provisioned for a free pilot.

The Solution: Co-Located Agent Sandboxes on Bare Metal

Altrina’s architecture puts the entire agent environment (browser, file system, code execution) inside a single Unikraft microVM. The agent itself lives outside and controls the sandbox over WebSocket, receiving screenshots and action metadata for observability.

What Changed

Boot time: 15 to 60 seconds became 200 milliseconds. Each microVM cold boots in 15 milliseconds, with another 200 or so milliseconds for WebSocket connection and network setup. Functionally instantaneous compared to the 15 to 60-second Docker startup.

Density: 3x improvement. On the same bare-metal server, Altrina runs 90 concurrent microVMs at full reliability, versus 25–30 Docker containers. They could theoretically push to 150, but in healthcare, zero crashes is the requirement, not maximum throughput.

Co-location eliminated network hops. With everything in one microVM, the round trips that plagued the multi-vendor setup disappeared. Code execution that previously took half a second of network overhead now runs locally and instantly.

CI/CD with a single command. Altrina’s deployment is a GitHub Action that runs kraft deploy after pre-deploy tests pass. Push to the release branch, and it ships. Mohammed pointed Cursor at Unikraft’s documentation to set up the integration and it just worked.

“Anytime we make a release on the image repo, it automatically deploys to Unikraft. It’s literally just one command. It’s hooked up to a GitHub Action as soon as it passes our pre-deploy tests. It just pushes, awesome!”

Mohammed Nasir, CEO & Co-Founder

Reliability as a Feature

The defining constraint for Altrina is reliability, not just speed or density. Their healthcare customers cannot tolerate crashes, ever. So rather than maximizing microVM count per server, they run at a level that guarantees zero failures under full load.

“We need to assume that all of our containers are running at full tilt all the time. This is mission-critical operations where you cannot have any crashes, ever, for any reason. In theory we could run 150, but at full blast with guaranteed zero crashes, the number is 90 per server.”

Mohammed Nasir, CEO & Co-Founder

The Collaboration

For Altrina, S-tier infrastructure support is crucial. They want to focus on shipping instead of managing infra. They describe the partnership with Unikraft as hands-on and responsive, with coordinated upgrades and individual attention to their system.

“The experience from the product to the onboarding and the commercial side of things was absolutely perfect. If there are any issues, you guys are super responsive and help us debug.”

Mohammed Nasir, CEO & Co-Founder

Summary

|  | Before Unikraft | With Unikraft |
| --- | --- | --- |
| Sandbox architecture | Multi-vendor (browser + files + code separate) | Unified microVM (everything co-located) |
| Boot time | ~15 seconds (Docker) | ~10 milliseconds |
| Concurrent sandboxes per server | 25–30 (Docker) | 90 (guaranteed zero crashes) |
| Isolation | Container-level (shared kernel) | Hardware-level VM per session |
| Deployment | Manual Docker management | kraft deploy via GitHub Actions |
| Network hops per action | Multiple (cross-vendor round trips) | Zero (everything local) |

Unikraft Cloud provides millisecond cold starts, transparent scale-to-zero, and hardware-level VM isolation for every workload. Get started or book a call with our CEO Felipe — he is an engineer too, no fluffy sales talk in this conversation :)