yeet
Book a demoLogin
DiscordGitHubYouTube
5 min read

What is eBPF?

By: Necco Ceresani

At it’s simplest, eBPF is a virtual machine that sits on the kernel, allowing small programs to run in a sandboxed environment with access to real-time data on what your system is doing.

Traditionally, two things have been true in the software development industry:

  1. Don’t mess with kernel
  2. eBPF (and BPF before it) is ridiculously complex

Let’s review some vocabulary before moving forward:

Operating system (OS) - the fundamental software that manages a computer's hardware and software resources. Think about computer memory. You have 64 gigs of memory, and that lives on a piece of hardware inside the machine called RAM. The OS is the go-between from the software saying, “I’m Instagram and I need 1.2 gigs of memory” and the hardware saying “I have 14 gigs available”.

Kernel - A kernel is the core, foundational component of an operating system (OS). It is the thing that actually allocates the 1.2 gigs of memory, and manages that against other asks.

Packets - These are the little bits of data being sent across the internet. In order to share a photo with you, that photo is broken down into tiny packets that are then sent over the “network” or internet, and received by my computer via the Kernel.

BPF - This is a little program that sits on the Kernel and was invented as a receiving port for the packets. It then filters (doesn’t matter) them, and transfers them to the OS. Essentially iron ore is coming in, and BPF turns it into iron and sends it to you.

eBPF - Big update to the BPF program. While BPF was only friends with network packets, eBPF is friends with everyone - security, observability, advanced networking, etc. Also, and perhaps most importantly, eBPF can run custom code from developers. BPF couldn’t do that.

JavaScript: A programming language that makes websites interactive and dynamic, sort of like giving a static drawing the ability to move and respond to your actions. Pretty much everyone knows JS, including AI. It’s common tongue.

Congratulations, you’ve now passed Computer Science 201.

Get early access to Yeet

Join the waitlist and be first to know when we launch.

Don’t mess with the kernel

In the olden days, like the 90’s, if you wanted to touch the ultimate power that the kernel contains, you had to use kernel modules. These are little programs that are finicky, and if they or you mess up, then the whole OS is messed up and then computer no work good. Plus, you had to turn it off and back on again every time you wanted to update. Suuuper annoying.

Enter our good friend eBPF, and all of a sudden, modules are out, custom code is in. Plus no more restarts.

This is a big deal, because now developers can start taking more advantage of the kernel’s ultimate power of controlling every packet that goes in and out of the computer.

BUT there is still a steep barrier to entry due to complexity and general human boredom. And even if you manage to code something for eBPF, the payoff is non-linear. It’s like the most boring super power - My super power is creating a light breeze!

That’s not entirely fair to our friends at Cilium, Falco, Pixie and others, but they will likely hate this blog anyways. Please allow me to apologize ahead of time.

eBPF is ridiculously complex

So here we have eBPF, controller of all data, but living on an ivory tower of complexity, where no one can reach it.

Until now.

Yeet has built a JavaScript elevator to the top of the ivory tower.

For the first time in history, any developer or vibe coder, will be able to write a simple JS script that turns eBPF data streams into usable, production grade tools.

Beyond that, more advanced users will be able to do the same thing, and then also manipulate the data packet flows - to do things like not allow malicious traffic into the server.

Yeet has reduced the complexity of utilizing eBPF by a factor of 1,000.

This means, you can now go into Yeet, and say “build me a production profiler for my python app” and bingo bango - you have it.

Anyone who knows about eBPF will tell you it’s a revolutionary technology, AI included. Yeet is the first company that will make it accessible to the world.

Yeet Use Cases

The possibilities Yeet opens up are endless. But I wanted to name a couple of the cool things we’ve built for early customers so far.

1. Production profiling in seconds
Ask Yeet to profile your app, and it will show you exactly where CPU time is going—down to the function or line of code—without adding any libraries or restarting anything.

2. Block credential theft (before it happens)
If a process tries to read something like ~/.aws/credentials or your SSH keys, Yeet can just… stop it. Not alert you. Not log it. Actually block it.

3. Turn raw network traffic into application data
Every request hitting your server is just packets. Yeet can decode that traffic in real time and let you write logic on top of it—like inspecting headers, tracking users, or blocking bad actors.

4. Build a kernel-level firewall in JavaScript
Instead of configuring layers of proxies and rules, you can write simple logic like:
“if this request looks weird, drop it”—and have that enforced before it even reaches your app.

5. Debug incidents with actual context
Instead of “CPU is high” alerts, Yeet can show you what process, what code path, and what changed—so you’re not guessing at 3am.

6. Watch (and control) what AI agents do on your machines
If you’re letting tools like Claude or Cursor run code on your servers, Yeet can record everything they do—and enforce boundaries on what they’re allowed to access.

And these are just the tip of the iceberg.

We couldn’t be more excited to explore the future of eBPF and share all of its incredible potential with the world.

Check out the resources below to dive deeper.

Resources

[5 min video] What is eBPF

[30 min documentary] eBPF: Unlocking the Kernel