Charalampos Mainas is joining NOFire AI as Member of Technical Staff, Systems.
Making autonomous actions truly bounded is not a policy problem. It is an execution environment problem. Control has to happen at the level where actions actually execute: in hardware isolation, with scoped identity, with a constrained egress path. That is what the control layer in the Context and Control Model for Production requires. And that is the layer Charalampos has spent his career building.
He built urunc, a CNCF sandbox project, "runc for unikernels and single application kernels," at Nubificus alongside Anastasios Nanos, NOFire AI's co-founder and Chief Scientist. urunc is a container runtime that executes workloads in software- or VM-based sandboxes via standard OCI tooling, with unikernels and more generic kernels as the execution target. When the NOFire AI control layer evaluates and permits an autonomous action, that action lands inside a microVM sandbox. urunc is the substrate that makes that boundary real. Charalampos helped build it from the ground up.
Background
Charalampos joined Nubificus in 2019 as an early engineer, aspent two years at TUM (Technical University of Munich) working on FPGA virtualization and serverless systems, then returned to Nubificus through 2026. For his NTUA diploma thesis, he designed a fork and pipe mechanism for unikernels that retains their single process characteristic. He has published peer-reviewed work on FPGA virtualization and serverless systems, and has presented at FOSDEM, KubeCon, and other open source conferences on lightweight virtualization and hardware acceleration.
More about Charalampos
How did you get into systems programming?
The moment I got my first "hello world" to run, I could not stop wondering how that message actually made it to the screen. That question pulled me down the stack and into operating systems, then into Linux kernel modules, then inevitably into my first kernel oops. I have been fascinated by the lower parts of the system stack ever since.
Why NOFire AI?
AI agents are powerful, but also a little terrifying. Everyone has heard the stories: an agent goes rogue, does something it should not, and the blast radius is wide before anyone notices. NOFire AI is tackling this as an execution environment problem, not a policy problem. You cannot prompt your way to safety. Instead, strong isolation boundaries are necessary. That is exactly the layer I have spent years building. Being here means that work becomes the control layer for autonomous action in production, and I get to actually prevent those "agent goes rogue" moments.
What will you be working on here?
The runtime that agents actually execute in. When NOFire AI permits an autonomous action, that action has to land somewhere; and that somewhere needs to be truly bounded. My focus is on making sure that when an agent goes rogue, the damage stops at the wall.
Tools you rely on?
A tilling window manager, my vim configuration and a compiler.
Outside of work?
I enjoy playing and watching basketball, love everything related to the sea, and am always curious to learn how everything around me works.
Charalampos is based in Greece. You can follow his work on LinkedIn and GitLab.
