Hacker News
Container Is Not a Sandbox (emirb.github.io)
7 points by xngbuilds 49 days ago
1 comment

Good summary article but the headline and certain conclusions seem overstated. This article appears to be about AI/serverless compute providers running a multi-tenant environment where untrusted code from multiple customers can be colocated onto a single machine. I don't think anyone would seriously suggest containers are enough for that use case. OTOH, VMs have escapes too, and if you are a compute provider, you are probably relying on additional failsafes like VM-in-container with locked down capabilities, SELinux, and more.