On the AI Kubernetes Show, host William Chia chats with Bailey Hayes, CTO at Cosmonic and At-Large Director for the Byte Code Alliance, to discuss how AI is reshaping platform engineering and software development. They cover her personal AI use, the impact of non-deterministic programming, and the critical role of WebAssembly (Wasm).
This blog post was generated by AI from the interview transcript, with some editing.
Hayes uses AI in several ways to optimize her personal workflow, including code development and managing her schedule. For coding? Absolutely! Hayes uses Claude Code every day to write code.
Hayes is also building a sandbox for MCP and agentic workloads and agents to optimize her personal life. One agent joins Zoom automatically because if it doesn't, well, she forgets to join her calls. Haven't we all been there? The agent runs locally in a WebAssembly sandbox. Written in TypeScript and compiled to a .wasm file, Hayes runs her agent using the command line tool WASH, the WebAssembly shell.
To create her Zoom-joining agent, Hayes made her own Model Context Protocol (MCP) server. She said it was fairly easy. Anyone can use the template and wizard she created on https://sandboxmcp.ai, which, of course, is also in WebAssembly. For anyone wanting to write their own MCP server, she recommends starting with working code written by a human, rather than vibe coding your MCP server and then iterating. It's much easier to start with something that actually works and improve it.
LLMs’ nondeterministic inputs and outputs challenge the traditional engineering mindset, which is typically focused on solid inputs and outputs. This leads to two major process shifts engineers need to adopt.
(1) API fuzz testing: If engineers don't API fuzz test all of their APIs now, their customers and certain LLMs will, and that won't end well. The best way to start fuzz testing is by generating test inputs from an LLM. You'll need to provide the technical specs for building out continuous integration, pausing and automatically generating different types of inputs for your request and response bodies that are almost right, but not quite.
(2) AI-native API design: LLM hallucinations can be a great code smell for improving your API. Hallucinations often indicate that the API should have been structured that way, pushing us to better design our APIs and make them more AI-native: more intent-driven and designed around natural language with strong descriptions. Non-deterministic outputs represent a great opportunity to learn whether the API design should be changed.
According to Hayes, WebAssembly is the perfect AI solution and a key tool adopted by platform engineering teams today. Here's why.
Scale and isolation: Wasm provides a sandbox that allows for efficient, multi-tenanted, and isolated bin packing. You can literally run thousands of agents and thousands of MCP servers on the same runtime, at scale, extremely efficiently, and all sandboxed.
Security (least privilege): Unlike conventional containers that may include shells or file systems, a Wasm bytecode execution only has access to a specific set of host capabilities that are wired together into the .wasm file. Hayes’ Zoom agent, for example, only needs to make an outgoing HTTP request. "I don't give shell access. I don't give file system access. I lock that thing down, just making HTTP outgoing requests."
Observability: Using a container that runs Wasm Cloud allows for existing tools like Linkerd's MCP observability layer to directly mesh with the container, providing good observability of what your MCP servers are doing at the HTTP layer 7.
Hayes was particularly excited to share some upcoming Byte Code Alliance developments, including the WASI P3 Standard. The next major release of the standard, called WASI P3 (WebAssembly systems interfaces), is aimed for release soon.
We can also look forward to a composable concurrence of the WebAssembly, allowing two Wasm sandboxes written in two entirely different languages to be composed together and pass a resource stream over that pipe with zero copies.
Lastly, the new standard will feature native language bindings to concurrency primitives that lower the level of the WebAssembly runtime layer. This will translate into better support for Python (critical for AI), Golang (Go routine support), and C#.NET. In short, lots to look forward to in the Wasm world!
When asked for CTO-to-CTO advice, Hayes provided two recommendations for organizations adopting AI and prioritizing the deluge of tools and technologies:
To catch up with the work Bailey Hayes is doing, she recommends connecting through the following channels:
The introduction of new concepts like agentic workloads, is reshaping platform engineering. These workloads are best run in a secure, isolated WebAssembly (Wasm) sandbox. It also calls for two major process shifts for engineers: API fuzz testing for non-deterministic inputs/outputs, and designing AI-native APIs that are more intent-driven and descriptive.
Wasm is an ideal solution for AI for three main reasons:
Hayes offers two key recommendations for organizations adopting AI: Golden Template: Establish a golden template with pre-solved, secure authentication and authorization to create a set of foundational principles that AI should not be allowed to "mess with."
Focus on Fundamentals: Remember that you are still solving the same fundamental compute problems (scale and security), just at a much larger scale, and the best way to handle this is to sandbox your AI.
The next major release of the standardized interfaces, called WASI P3, is aimed for release soon. Key features include:
Copyright © 2025 Buoyant Inc.
