WebAssembly Now Enables Stateful Workloads
The News
At KubeCon North America 2025, Cosmonic announced WasmCloud 2.0, a fundamental redesign that replaces the proprietary orchestration layer with Kubernetes API integration, driven by enterprise demand, with 98% of customers requesting Kubernetes alignment while retaining the flexibility to run in non-Kubernetes environments.
The release coincides with the next version of WebAssembly (Wasm), a major advancement enabling long-running stateful functions and code that support database drivers, ORMs, and persistent processes, addressing previous limitations where Wasm operated as a stateless reactor with isolated invocations.
Cosmonic released three white papers, including “eight principles of platform engineering,” emphasizing a new “Shift Down” concept that addresses developer complexity by providing smaller, more manageable deployment artifacts aligned with WebAssembly’s component-based nature, implemented through plugins and wizards for a smoother development experience. The papers also serve as enablement material for understanding the overall Wasm direction.
Analyst Take
The company announced a strategic pivot toward AI-focused positioning, potentially rebranding to “Cosmonic.ai” with core messaging around “sandboxing agentic workflows,” driven by significant CISO interest. Cosmonic positions WebAssembly sandboxing as a critical defense against agentic workflow security risks identified in OWASP Top 10 for LLMs, including prompt injection, token exhaustion, insecure logging, remote code execution (RCE), and lateral movement.
The company emphasizes that standard agentic workflows involving an LLM, server, and resource (API or database) create non-deterministic inputs and outputs with specific security risks, and that compiling the agent server to Wasm with sandboxing mitigates these threats: even if an RCE vulnerability is exploited, the sandbox contains no system utilities or other code, preventing attackers from “living off the land” or moving laterally, and providing defense against the modern “CVE-less kill chains” used by AI-powered penetration testing tools.
Our discussion with Cosmonic cited research indicating 39% of organizations currently use WebAssembly, with significant adoption visible across the top million websites, including financial institutions (Truist, JPMC, Chase) and major platforms (Salesforce/Tableau/Slack, Adobe homepage/Express/Firefly/Photoshop, Autodesk), positioning server-side Wasm as the major on-premise opportunity to deliver Cloudflare Workers-style benefits to existing infrastructure like OpenShift, VMware, and Rancher.
The company also noted SUSE integration discussions for the Wasm sandbox in their marketplace, and a joint white paper with Adobe on the “Shift Down” concept. Cosmonic emphasizes an architectural philosophy shift from “bringing the world to Wasm” to “bringing Wasm to the world” by integrating seamlessly into existing environments alongside containers using existing tools, targeting platform engineers who already provide developers with limited, sandboxed golden templates.
Cosmonic’s strategic pivot from a general-purpose WebAssembly platform to AI agent security positioning reflects pragmatic recognition that technology adoption requires compelling use cases rather than abstract architectural benefits. WebAssembly has struggled to achieve broad server-side adoption despite technical advantages around performance, portability, and security because the migration effort from containers to Wasm lacks a clear ROI for existing workloads.
AI agents represent greenfield deployments where organizations are building new infrastructure rather than migrating existing systems, creating adoption opportunities without legacy constraints. However, the positioning depends on whether CISOs and security teams recognize agentic workflow security as a sufficiently urgent problem that justifies adopting new runtime environments, or whether they view agent security risks as manageable through existing controls like network segmentation, least-privilege access, and monitoring.
The emphasis on OWASP Top 10 for LLMs risks, prompt injection, token exhaustion, insecure logging, RCE, and lateral movement, addresses genuine security concerns, but the claim that WebAssembly sandboxing provides superior protection requires validation against alternative approaches. Traditional container security with properly configured seccomp profiles, AppArmor/SELinux policies, and read-only filesystems also limits attacker capabilities after RCE exploitation.
WebAssembly’s capability-based security model provides finer-grained control than container namespaces and cgroups, but it also introduces operational complexity as teams must explicitly grant capabilities rather than relying on default container permissions. Organizations evaluating Wasm for agent security must determine whether the sandboxing benefits justify the development overhead of compiling to WebAssembly, managing capability grants, and debugging issues in Wasm runtime environments versus hardening container deployments with existing tooling and expertise.
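As an added example (not code from the article or from Cosmonic), the audit below checks a Kubernetes pod spec for the container hardening controls the analysis names as the alternative to Wasm sandboxing (seccomp profile, AppArmor/SELinux policy, read-only root filesystem) plus the least-privilege settings that usually accompany them, reporting what is missing; the weak and hardened pod specs are constructed samples.

```python
"""Audit Kubernetes pod specs for the hardening controls named above (added
example, not from the article): seccomp, AppArmor/SELinux, read-only root
filesystem and least-privilege settings. Field names follow the Kubernetes
PodSpec/SecurityContext API; the sample pods are constructed."""


def audit_pod(pod: dict) -> dict:
    """Return {container_name: [missing control, ...]} for each container."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    annotations = pod.get("metadata", {}).get("annotations", {})
    findings = {}
    for c in spec.get("containers", []):
        name, sc = c.get("name", "<unnamed>"), c.get("securityContext", {})
        missing = []
        # seccomp may be set at pod or container level; container wins
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile")
        if not seccomp or seccomp.get("type") == "Unconfined":
            missing.append("seccompProfile: RuntimeDefault or Localhost")
        # AppArmor via the appArmorProfile field (k8s >= 1.30) or the legacy
        # per-container annotation; SELinux via seLinuxOptions
        apparmor = sc.get("appArmorProfile") or pod_sc.get("appArmorProfile")
        legacy = annotations.get(
            f"container.apparmor.security.beta.kubernetes.io/{name}")
        selinux = sc.get("seLinuxOptions") or pod_sc.get("seLinuxOptions")
        if not (apparmor or legacy or selinux):
            missing.append("appArmorProfile or seLinuxOptions")
        if not sc.get("readOnlyRootFilesystem"):
            missing.append("readOnlyRootFilesystem: true")
        if sc.get("allowPrivilegeEscalation", True):  # defaults to true
            missing.append("allowPrivilegeEscalation: false")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            missing.append("capabilities.drop: [ALL]")
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            missing.append("runAsNonRoot: true")
        findings[name] = missing
    return findings


# Constructed sample: the defaults most manifests ship with.
WEAK_POD = {"metadata": {"name": "agent"},
            "spec": {"containers": [{"name": "agent", "image": "agent:1"}]}}
# Constructed sample: the same workload with the controls applied.
HARDENED_POD = {"metadata": {"name": "agent"}, "spec": {
    "securityContext": {"runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"},
                        "appArmorProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "agent", "image": "agent:1", "securityContext": {
        "readOnlyRootFilesystem": True, "allowPrivilegeEscalation": False,
        "capabilities": {"drop": ["ALL"]}}}]}}
```

Running `audit_pod` over a real manifest (for example one loaded with `yaml.safe_load`) shows how much of the post-RCE containment the article attributes to Wasm is already reachable with these container settings, and what a team must still configure explicitly.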
WasmCloud 2.0’s shift from proprietary orchestration to Kubernetes API integration addresses the fundamental adoption barrier that prevented WasmCloud 1.0 from gaining enterprise traction. We believe organizations will not adopt platforms requiring entirely new orchestration layers when Kubernetes has become the de facto standard. The 98% customer demand for Kubernetes alignment validates this strategic direction, but it also reveals that WebAssembly’s architectural benefits alone were insufficient to overcome orchestration fragmentation.
The challenge is whether WasmCloud 2.0 provides sufficient differentiation from running containers on Kubernetes to justify adoption, or whether the operational benefits of Wasm (faster startup, smaller footprint, enhanced security) are marginal improvements that do not warrant introducing new runtime complexity. The flexibility to run without Kubernetes addresses edge and offline scenarios, but the “golden path” emphasis on Kubernetes deployment suggests the primary market is cloud-native environments where containers already work well.
WebAssembly’s stateful capabilities, supporting long-running functions, database drivers, and ORMs, address a fundamental limitation that restricted Wasm to stateless request-response patterns, but stateful Wasm also introduces complexity around state management, persistence, and failure recovery that containers and traditional application servers have solved through mature patterns and tooling.
Organizations must determine whether maintaining state within Wasm provides advantages over external state management through databases, caches, and message queues, or whether stateful Wasm simply reintroduces complexity that stateless architectures were designed to avoid. The “Shift Down” concept, providing smaller, more manageable deployment artifacts, aligns with microservices and component-based architecture trends, but the practical impact depends on whether WebAssembly’s component model actually simplifies development and deployment versus introducing new abstractions that developers must learn and platform teams must support.
Looking Ahead
Cosmonic’s success with the AI agent security positioning depends on whether the next 6-12 months validate significant CISO demand and budget allocation for agentic workflow sandboxing. The CISO alignment indicates initial interest, but conversion to production deployments requires demonstrating that WebAssembly sandboxing prevents real security incidents that alternative approaches would not catch, with an ROI that justifies the development and operational investment. The large LLM provider engagements provide high-profile validation opportunities, but these early adopters may have unique security requirements or technical sophistication that do not represent broader market needs. The company’s challenge is translating early CISO interest into a repeatable sales motion with a clear security value proposition, reference architectures, and ecosystem support that enable mainstream adoption rather than remaining a specialized solution for security-conscious early adopters.
The broader WebAssembly server-side adoption trajectory remains uncertain despite the 39% usage statistic and widespread client-side deployment across major platforms. Client-side Wasm succeeded because it enables capabilities (near-native performance for compute-intensive web applications, code portability across browsers) that JavaScript cannot match, creating clear value for use cases like Adobe Photoshop web, Autodesk CAD tools, and Figma.
Server-side Wasm must demonstrate similarly compelling advantages over containers to achieve mainstream adoption, whether through security benefits for AI agents, efficiency gains for multi-tenant platforms, or portability for edge deployments. The data localization trend that Cosmonic highlights, over 50 unique data locality zones with insurance and financial data most regulated, creates distributed deployment requirements where Wasm’s lightweight footprint and portability provide advantages, but organizations must determine whether these benefits justify the ecosystem immaturity, limited tooling, and skills gap relative to container-based deployments. Cosmonic’s architectural shift to “bringing Wasm to the world” by integrating with Kubernetes and existing tools addresses adoption barriers, but success requires the broader ecosystem, cloud providers, platform vendors, observability tools, and security solutions to provide first-class WebAssembly support that makes Wasm deployment as operationally mature as containers.