Wasm’s second act for secure agent plugins

Cosmonic showcased wasmCloud v2 and its Cosmonic Control play at KubeCon EU 2026, explicitly rearchitecting wasmCloud to integrate with Kubernetes APIs rather than a proprietary orchestration layer to meet enterprise requirements. (wasmcloud.com)) Akamai completed its acquisition of Fermyon in December 2025, folding Fermyon’s Spin/SpinKube tooling into Akamai’s edge strategy. (networkworld.com)) Fermyon’s Wasm Functions — highlighted at recent KubeCon coverage — has been marketed with claims of 75 million requests-per-second and sub-millisecond cold starts for its serverless Wasm engine. (efficientlyconnected.com)) Helm 4’s new plugin architecture uses WebAssembly sandboxes to run plugins cross-architecture and reduce risk from native binaries, shifting Helm toward a programmable, policy-aware delivery platform. (thenewstack.io)) Microsoft’s Wassette runtime, introduced in 2025, runs WebAssembly Components with a deny-by-default permission model and can autonomously fetch components from OCI registries while bridging into the Model Context Protocol (MCP) for agent tooling. (opensource.microsoft.com)) CNCF’s Agentics Day (co‑located with KubeCon EU, March 23–26, 2026) centered on the Model Context Protocol and included practical talks such as Alibaba’s “Sandbox Operator: Enabling Session‑Aware, Efficient MCP Tool Execution in Kubernetes.” (cncf.io)) Work on observability for Wasm agents is advancing: a KubeCon session covered compiling the OpenTelemetry Collector to Wasm to capture telemetry in constrained Wasm hosts, and open SDKs like Observe provide runtime tracing/metrics for Wasm components. (colocatedeventseu2026.sched.com)) Cosmonic’s product literature also states Cosmonic Control integrates with OpenTelemetry, CI/CD, namespaces and RBAC so Wasm‑hosted agents can emit telemetry into existing platform pipelines. (cosmonic.com))