Five Reasons WebAssembly-Based Containerization is the Future for Scaling Embedded AI

AI models are increasingly being deployed at the edge to yield faster and more actionable insights, reduce network bandwidth consumption, maintain privacy, and improve customer experiences. While a portion of the edge AI potential is with more capable server-class hardware, there’s a massive opportunity to tap into the billions of embedded devices and systems in the physical world.  Examples include sensors, cameras, IoT gateways, industrial controllers, robots, drones, and cars. 

Traditional embedded development is fraught with challenges stemming from monolithic firmware that’s tightly coupled to hardware, requiring long development cycles with specialized skills. The rigid nature of firmware makes it difficult for increasingly global teams to collaborate due to the need to share and integrate source code. Once deployed, embedded devices are challenging to update in the field, requiring reboots that disrupt operations and the risk of bricking the device if there’s an issue.  

Traditional embedded development challenges are magnified when implementing on-device AI. Models must be optimized for limited hardware resources or specific chipsets but AI developers often lack understanding of low-level embedded systems. This gap makes close collaboration between AI and embedded engineers essential, but also complex and error-prone.

In addition, edge AI necessarily increases the update cadence of devices in the field as models are inevitably fine-tuned over time.  This is exacerbated with embedded devices powered by tightly integrated firmware with every line of code compiled into a single binary. Even the smallest code update requires full recompilation, retesting, and redeployment of the entire firmware binary, and even small changes can introduce system-wide risk.

To effectively scale AI on embedded devices, developers would benefit from tools to simplify integration with other device functions and deploy and manage models independently in the field without affecting other device code or requiring reboots.  Modularity through containerization makes a lot of sense for this, but traditional container technologies like Docker are too heavy for resource-constrained devices running embedded Linux, and a non-starter for MCU-based devices.  

Here’s where WebAssembly (Wasm) comes in. Wasm is an established technology in all modern web browsers as well as edge devices like the Amazon Firestick, and is increasingly being leveraged in other areas spanning cloud to edge.  As a compile target that isn’t dependent on Linux, Wasm is an ideal technology to enable software containerization on both CPU and MCU-based devices with memory footprints as small as 256 KB. The technology is poised to completely redefine how we approach embedded development.  

To learn more about the fundamentals of Wasm, check out our CTO Stephen Berard’s two part blog. Read on for the benefits of Wasm-based containerization specifically for scaling embedded AI solutions.

Five Reasons WebAssembly is Needed to Scale Embedded AI

The following are five reasons why WebAssembly-based containerization is a key enabler for embedded AI.

1. Turning Firmware into Software

WebAssembly-based containerization can turn firmware into software by enabling compiled software modules to run in sandboxed containers that are isolated from the underlying runtime and host devices. This enables device drivers, signal processing pipelines, AI inference models, and other application logic to evolve independently, reducing integration efforts and enabling each function to have its own design lifecycle.  AI models can evolve at their natural pace without affecting other device code.

2. Supporting Existing Developer Workflows

AI engineers and embedded developers have different expertise and use different tools. While embedded developers code in C/C++ and are skilled in dealing with lower level drivers and strict resource constraints, AI developers work with frameworks like TensorFlow and PyTorch and deployment technologies like Docker.

Hardware abstraction and containerization powered by WebAssembly enables the decoupling of existing workflows so embedded and AI engineers can more effectively collaborate. Embedded developers can focus on lower-level drivers and device functions whereas AI developers deploy apps using their existing CI/CD processes and container repositories.  Neither developer’s workflow needs to fundamentally change to bring their expertise together. They can work independently and efficiently, and combine their components at runtime.  Developers can even prototype software on Linux-based systems in advance of having device hardware in hand, further accelerating project schedules. 

3. Enabling Lightweight, Fractional Updates

WebAssembly-based containers enable fractional software updates on devices without requiring a reboot.  This is especially useful for embedded AI because models or even just model weights can be updated on the fly without restarting a system.  Benefits of fractional updates include maximum uptime and responsiveness, reduced operational risk (e.g., chance of bricking a device), and lower bandwidth costs due to fewer bits across the wire.

4. Ensuring Portability Across Diverse Hardware

As a compile target, WebAssembly is agnostic to the underlying operating system (e.g. RTOS, Linux, Windows) and silicon architecture (e.g. Arm M or A-class, Xtensa, x86, RISC-V). Wasm-based containerization provides a hardware abstraction layer that enables cross-platform portability. Code can be written in a developer’s choice of programming language (e.g. C/C++, Rust, Go, Python, and more), be compiled to a Wasm module, and executed consistently across different hardware.

This portability enables organizations to re-use existing code (including legacy C/C++), simplify integration across a diverse product portfolio, and afford supply chain resilience by being less tied to particular silicon providers.  It also aligns with the trend of neural network accelerators and M- and A-class processors being included on the same device, with the energy-efficient M-class processor performing basic tasks and the more capable processors waking up for more in-depth functions, including running AI models.  Apps packaged as Wasm-based containers are portable across these silicon architectures on the same device. 

5. Enabling a Zero-Trust Security Model

A robust zero trust security model is especially critical for devices running embedded AI because raw data is turned into insights —and potentially action — which can have a snowball effect throughout the network, an organization, and their partners and customers if there’s a breach. WebAssembly offers strong security guarantees by design, with deterministic execution and constrained access to system resources, making it a strong fit for mission-critical embedded workloads.  Key attributes include:

• Applications run in isolated containers, sandboxed from each other and from the underlying hardware by default

• Access to device resources (e.g., network interfaces, storage) is disabled by default and must be explicitly granted via permissions

• Applications can access only designated memory regions, unlike traditional firmware, which has unrestricted access to the full memory space

• Individual containers can be terminated independently if abnormal behavior is detected

To learn more about the cybersecurity benefits Wasm brings to the embedded space, check out our CEO Jason Shepherd’s recent blog. 

Ocre: Making it Real

While Wasm offers significant advantages, it’s not a complete containerization solution. Rather, it serves as the foundation for a broader runtime environment — one capable of managing container lifecycles (start, stop, update), interfacing with device I/O, and coordinating the orchestration of applications. 

We’re addressing the need for a full Wasm-based container runtime by collaborating with the community on the open source Ocre project hosted by The Linux Foundation. Ocre integrates the WebAssembly System Interface (WASI) and WebAssembly Micro Runtime (WAMR) into a purpose-built architecture that brings containerization to resource-constrained embedded systems. It also exposes an API for managing key runtime operations such as launching, halting, and upgrading applications deployed in containers.

Ocre additionally supports the OCI (Open Container Initiative) specification, enabling its containers to coexist in standard registries alongside Docker images. This ensures compatibility with existing DevOps workflows and CI/CD pipelines. 

At Atym, we’re leveraging the Ocre runtime as part of our container orchestration platform for resource-constrained edge devices. The centralized Atym Hub makes it easy for developers to deploy and manage containers, optimize on-device performance through ahead-of-time (AoT) compilation, establish security policies, perform remote debugging, and more. 

Looking Forward: Redefining the Embedded Software Model

As embedded devices are increasingly software-defined, traditional monolithic firmware approaches are falling short.  Improving the embedded development process has been a “nice to have” for many years, but the rise of edge AI is a forcing function that compels us to rethink the entire paradigm. 

WebAssembly-based containerization provides a practical, scalable path forward by bringing modern software engineering practices to the domain of resource-constrained devices, including MCUs with as little as 256KB of memory.  

By embracing WebAssembly-based containerization, embedded and AI developers can:

• Deliver software, including AI faster and more reliably

• Simplify multi-role collaboration with existing toolsets and skills

• Future-proof systems against evolving code, architectures, and use cases

For a deeper dive, check out our upcoming joint webinar with Edge Impulse: ”Integrating Embedded AI on Edge Devices at Scale”. In this webinar, you’ll learn how together Atym and Edge Impulse provide a complete solution for deploying and managing AI models on resource-constrained embedded devices at scale. We’ll walk through Edge Impulse’s comprehensive tool set for creating optimized AI models and Atym’s WebAssembly-based solution to enable and orchestrate containers for embedded devices. 

In the meantime, feel free to check out the Ocre project or drop me a line to see how Wasm might help you redefine how you approach embedded development