Inspect and filter every HTTP request leaving your microVM (slicervm.com)

Slicer has unveiled its new Certificate Authority (CA) support, enabling inspection and mutation of egress traffic from microVMs through a host-side proxy. This update allows users to define precise egress rules, including secret injection, path and method allow-listing, and request rewriting. Slicer is designed to host various infrastructures, such as web servers and Kubernetes, while ensuring that secrets, like API tokens, are kept secure and out of the microVM environment. This capability is especially crucial for preventing resource leaks and potential exploitations in AI agents accessing large language models (LLMs). The significance of this announcement lies in Slicer's ability to provide a robust solution for egress filtering amidst an increasing number of proxy implementations powered by AI. Key features include the ‘default deny’ policy for untrusted workloads, granular control over network access throughout the VM's lifecycle, and the capability to manage OAuth credentials securely. Slicer’s proxy architecture offers a coherent workflow for configuring and launching microVMs while safeguarding sensitive information and ensuring controlled access, laying the groundwork for broader implementation in secure AI-driven environments. Users can readily experiment with the Slicer proxy via a simple update command, further enriching their development toolsets.