diff --git a/README.md b/README.md index b3d43c9..d67667d 100644 --- a/README.md +++ b/README.md @@ -413,6 +413,19 @@ Agents should be able to dispatch sub-jobs to other agents/workers. Not just top --- +### 36. Ephemeral Execution Environments + +Code execution should be disposable. Run in a fresh environment, extract results, throw away the environment. + +- Containers (Claudine): self-hosted, free, full control +- Cloud microVMs (Vercel Sandbox): managed, instant snapshots, network firewall +- The job shouldn't care WHERE it runs — same interface, different backends +- Dispatch should abstract over execution backends: local worker, container, cloud sandbox + +**Origin:** Comparing Claudine (self-hosted containers) with Vercel Sandbox (managed microVMs) — same concept, different trade-offs. + +--- + ## (inbox — unsorted ideas) - **Least-privilege agent access**: Agents should SSH as a dedicated non-root user (e.g. `deploy@`) with scoped sudo for only what they need (systemctl, caddy reload). No root SSH long-term.
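Review bot: The last bullet of the new section 36 lists "local worker" as an execution backend, which conflicts with the section's opening requirement to "Run in a fresh environment, extract results, throw away the environment". As written, the "same interface, different backends" rule lets a job land on a backend that is not disposable. Suggest spelling out what every backend must guarantee behind the common interface: a fresh environment per job, teardown after results are extracted, and a network policy, since only the Vercel Sandbox bullet mentions a firewall. Alternatively, drop "local worker" from the list. The container and microVM bullets compare cost, control and snapshots but not the isolation boundary, and containers share the host kernel. It is worth adding that the job not caring where it runs does not mean the dispatcher can ignore which isolation level a job needs.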