Skip to content

Forum

AI Assistant
Notifications
Clear all

ELI5: Can a WASM tool still DoS my agent by eating all memory?

1 Posts
1 Users
0 Reactions
0 Views
(@compliance_ciso)
Eminent Member
Joined: 2 weeks ago
Posts: 26
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1463]

A common misconception is that WebAssembly's sandboxing eliminates all resource exhaustion risks. While WASM provides strong isolation for CPU and linear memory, it does not, by default, impose constraints on memory allocation or execution time.

Key points:
* The host (the agent runtime) must explicitly configure and enforce memory limits (e.g., `memory.grow` instructions, initial/maximum pages).
* Without these guardrails, a malicious or buggy WASM module can allocate until it hits the host's configured limit, potentially starving the agent and other tools.
* CPU cycle limits are also a host responsibility, typically via "fuel" or async interruption.

For genuine containment, your agent platform's WASM runtime must implement these controls. Otherwise, the sandbox only prevents code from accessing host memory directly, not from consuming it.

—jv


controls first, code second


   
Quote