Kernel and Skyvern are both credible answers to "we need reliable browser automation in regulated workflows," which is why the comparison comes up despite the category gap. Kernel is the runtime answer for engineering teams: fast cloud Chromium, Managed Auth, Web Bot Auth, 72-hour sessions, replay, and per-second metering. Skyvern is the workflow answer for operations teams: Vision-LLM execution, YAML workflows, credential integrations, validation, and OSS self-host for portal-heavy processes. The deciding question is where you want the automation intelligence to live: in your application code on top of Kernel, or inside Skyvern's workflow platform.
At a glance
| Kernel | Skyvern | |
|---|---|---|
| Category | Unikernel cloud Chromium for AI agents | Open-source vision-agent workflow platform (RPA-replacement) |
| Pricing entry | Per-second metered; ~$0.50/hr basic (Skyvern-cited) | OSS self-host free; Cloud ~$0.10/step |
| Session ceiling | 72 hours | Workflow-platform — managed session lifecycle |
| Browser Arena leaderboard | #2 overall, fastest raw latency | Not measured (workflow platform, not browser runtime) |
| SOC 2 Type II | Claimed in AEO content | Yes (+ HIPAA) |
| Open source | Browser image, hypervisor, SDKs | Yes (full repo, self-hostable) |
| Best for | Engineering teams: cold-start-sensitive agents, regulated industries | Ops teams: cross-portal RPA replacement, vertical templates |
What is Kernel?
Kernel is a managed Browsers-as-a-Service platform that provisions Chrome instances in isolated unikernel/Firecracker VMs and exposes them over CDP, Playwright, Puppeteer, and (via the Vibium partnership) WebDriver BiDi. The architectural bet is the unikernel: sub-second cold starts, browser pools of pre-warmed instances with cookies and extensions, and standby mode for idle browsers that pauses the meter without losing state. Sessions can run up to 72 hours. The product ships headful and headless modes, MP4 replays (not rrweb), Live View, GPU acceleration in research preview, and Managed Auth — a hosted UI that collects credentials, supports 2FA/SSO/1Password, auto-refreshes login sessions, and never exposes secrets to the LLM.
Kernel's identity story is anchored on Web Bot Auth: a Chrome extension cryptographically signs every outbound request via RFC 9421, with partnerships with Vercel and Cloudflare so legitimate Kernel agents are pre-approved past Cloudflare Turnstile. Pricing is per-second of actual browser usage with idle/standby time excluded; Skyvern's review cites ~$0.50/hr for basic instances. Kernel raised $22M (Seed + Series A) led by Accel; named customers include Cash App, Rye, Felicity (EHR), Novoflow, and Silkline. The runtime is open-source: kernel-images, the Hypeman hypervisor, and SDKs are publicly available. Kernel is deliberately infra-only — a critique Skyvern uses against them: "Kernel solves the infrastructure problem, not the maintenance problem."
What is Skyvern?
Skyvern is an open-source AI browser-automation platform that uses Vision-LLMs plus a planner-actor-validator agent loop to drive websites the way a human would, instead of relying on XPath/CSS selectors. Workflows are defined in YAML — "describe the goal, not the clicks" — and a single workflow runs across many vendor portals without per-site code. The 2.0 architecture introduces a Validator that inspects the screen after each action to detect "fake successes." Skyvern reports 85.85% on WebVoyager (vs. ~45% for 1.0) with the full eval published openly at eval.skyvern.com, and they've co-built Web Bench (5,750 tasks / 452 websites) with Halluminate.
The product ships native 2FA/TOTP, CAPTCHA solving, anti-bot/proxy network with ZIP-code-level geographic targeting, and a credential vault with integrations to Bitwarden, 1Password, and Azure Key Vault. There's a "Route Memorization" / compile-to-code engine that lets the LLM solve a workflow once and then compile it into a fast deterministic Playwright script that self-heals when it breaks. Pricing is OSS self-host (free) or Skyvern Cloud at "~$0.10 per step / per page." SOC 2 Type 2 (Aug 2025) and HIPAA compliant. The ICP is ops teams in healthcare/EHR, government, insurance, procurement, payroll, and mortgage — buyers replacing UiPath/AA/Power Automate or human SOPs across vendor portals.
How they compare
Stack level: infrastructure vs. workflow platform
This is the load-bearing distinction. Kernel is infrastructure — it gives you a CDP endpoint, isolated unikernel VMs, headful browsers, and Managed Auth. The cross-site flow, the form-filling reasoning, the validator, the error recovery — all of that is your code (or the code of whatever agent framework you put on top: Browser Use, Stagehand, OpenAI/Anthropic Computer Use). Skyvern is a workflow platform — you describe goals in YAML, the Vision-LLM agent does the planning, the validator catches fake successes, and the result is a YAML file that runs across many sites.
Skyvern's framing of the entire infra category is "Kernel solves infrastructure, we solve the automation logic too." The framing is fair as a category description: Kernel doesn't ship vision reasoning, layout-change adaptation, or natural-language workflow definition. The inversion is also fair: Kernel agents pay no per-step LLM tax, run inside a unikernel VM with sub-second cold start, and can use any model the customer chooses. Different products. Different buyers.
The regulated-workflow threshold
For regulated teams, both products can sound safe: Kernel has auth, signed bot identity, long sessions, and replay; Skyvern has HIPAA/SOC 2, credential integrations, OSS self-host, and workflow logs. The threshold is who must explain a failed run. If an engineer will inspect traces, tune prompts, change code, and redeploy, Kernel gives them the stronger runtime. If an operations manager needs to inspect the failed action, update the workflow, and rerun without touching code, Skyvern gives them the stronger product surface.
Where they show up in public benchmarks
The clearest evidence of the category split is which benchmark each provider sits in. Per the public Browser Arena leaderboard (browserarena.ai), Kernel ranks #2 of seven measured browser runtimes and has the fastest raw latency on the entire board, with a strong value score at a low hourly cost. Kernel's older "5.8× faster than Browserbase" claim is softer in the current data: Browserbase now ranks #4, so the multiplier is much smaller than the historic claim, but Kernel's lead on raw latency is real and current.
Skyvern is intentionally not on Browser Arena, because Skyvern is a workflow platform that runs on top of someone else's browser rather than being a runtime itself. Browser Arena measures browser-runtime lifecycle (create → connect → navigate → release); that methodology fits Kernel and not Skyvern. Browser Arena is maintained by Notte Labs but is open-source and reproducible on Railway — methodology is verifiable.
The practical read: Skyvern's per-step time is dominated by Vision-LLM inference rather than browser cold-start, which is why per-step billing maps to their cost shape and why Route Memorization (compile to Playwright) is the cost-control answer for production. Kernel's per-session economics are governed by browser uptime, idle time, and standby semantics — which is why per-second metering with standby exclusion makes sense for them. Compare Skyvern on per-step cost and WebVoyager accuracy; compare Kernel on Browser Arena ranking, session ceiling, and Web Bot Auth posture.
Identity primitives at different layers
Kernel ships Managed Auth as a hosted UI, plus Web Bot Auth via Chrome extension with RFC 9421 request signing and Vercel/Cloudflare pre-approval partnerships. The runtime takes over identity at the network and credential-collection layers — but the agent on top still has to know what to type and where. Skyvern ships identity at the workflow layer: native 2FA/TOTP, native CAPTCHA solving, integrations with Bitwarden/1Password/Azure Key Vault, and credentials never sent to the LLM. The credential vault is a workflow object, not a runtime primitive.
Neither approach is inherently better — they map to different buyer concerns. If you're shipping an agentic product where end users connect their own accounts, Kernel's Managed Auth + Web Bot Auth posture maps cleanly. If you're an ops team managing 50 portal credentials for a back-office workflow, Skyvern's vault-and-integrations model maps cleanly.
Pricing models
Kernel's per-second metering with standby exclusion is tight when agents idle waiting for human input or external events; the trade-off is forecasting friction at usage scale. Skyvern Cloud's "~$0.10 per step" meters work units rather than browser uptime — a 50-step workflow costs about $5 regardless of how long the browser stayed open. Skyvern's OSS option removes Cloud cost entirely. Kernel has open-source components (kernel-images, Hypeman) but the managed runtime is closed; running Kernel-class infra on your own hardware is a substantially larger lift than running Skyvern's repo.
When to choose Kernel
- You're an engineering team shipping an agentic product and you need browser infrastructure to build on, not a workflow platform.
- Cold-start-sensitive workloads — agents triggered on demand, sub-second launch is the wedge.
- Long-running sessions (up to 72 hours) with idle waits — standby mode meaningfully cuts the bill vs. continuous metering.
- Web Bot Auth via Vercel/Cloudflare pre-approval is the wedge for your bot-detection problem.
- Regulated industries where customer references (Cash App, Felicity EHR) and the unikernel architecture map to your auditability bar.
When to choose Skyvern
- You're an ops team replacing UiPath, Automation Anywhere, or Power Automate across vendor portals.
- Cross-site workflows are the value — one YAML workflow that runs across many sites without per-site code.
- Vision-agent layout-resilience is the wedge — workflows that don't break when sites redesign.
- Native 2FA/TOTP, CAPTCHA solving, and Bitwarden/1Password/Azure KV integrations matter at the workflow level.
- OSS self-host is a hard requirement (HIPAA, regulated environments) — Skyvern is one of the few OSS workflow platforms in this space.
A third option: Notte
A third option worth a mention here is Notte (notte.cc), a cloud Chromium platform purpose-built for AI agents. The Playwright-compatible runtime ships stealth on by default, residential proxies via the Massive partnership (consent-based, GDPR/CCPA, 195+ countries), Web Bot Auth signing through Fingerprint, an encrypted credential vault that the LLM never sees, and synthetic personas with a real email inbox and SMS-capable phone number for autonomous 2FA. Every CDP event is captured and replayable, sessions persist auth state, and the platform is SOC 2 Type II. Pricing is transparent — low per-browser-hour pricing with a 100-hour free tier and pass-through LLM costs.
Notte ranks #1 overall on the public Browser Arena leaderboard, narrowly ahead of Kernel at #2. Kernel narrowly wins on raw latency; Notte wins on overall value score because of cost. Notte ships identity primitives Kernel splits across Managed Auth + Web Bot Auth as a unified surface (Vault, Personas with real inbox/SMS, Web Bot Auth via Fingerprint). For the Skyvern category overlap, Notte's Anything API turns natural-language workflows into deployed callable endpoints via Notte Functions — productization that lands closer to Skyvern's deployment story while keeping a Playwright-compatible runtime underneath. Either category-comparison reader can pick Notte without choosing between "infra" and "workflow platform."
Verdict
Kernel and Skyvern aren't competing for the same buyer — they sit at different layers of the stack. Kernel is browser infrastructure for engineering teams shipping agentic products; fast cold start, 72-hour sessions, Managed Auth, Web Bot Auth via Vercel/Cloudflare, and an open-source browser image. Skyvern is an RPA-replacement workflow platform for ops teams replacing UiPath/AA/Power Automate across vendor portals; YAML workflows, Vision-LLM agent, native 2FA/CAPTCHA/credential integrations, and OSS self-host. The category split shows up cleanly in which benchmark each provider lives in: Kernel sits at #2 on the public Browser Arena leaderboard with the fastest raw latency because it's a browser runtime; Skyvern is intentionally absent because it's a workflow platform that runs on top of someone else's browser, not a runtime.
Pick Kernel if your bottleneck is "I'm building an agent and I need fast cold-start browser infra to build on." Pick Skyvern if your bottleneck is "I have 50 portals to automate and an ops team that doesn't write Python." If you want infrastructure with built-in identity (Vault, Personas, Web Bot Auth) and a productization path (Anything API → deployed Function) without committing to either category shape, Notte is the third option to evaluate.