
The exokernel makes this a nonstarter if you ever want to run untrusted code, as it implies hardware takeovers, compromised peripherals/TPMs/drives/etc., especially when it claims to be AI first.


FWIW the actual original exokernel design had protection boundaries and untrusted "userspace".

They defined the kernel as the smallest possible thing that would reliably multiplex hardware to the untrusted userspace components. So, the network driver was a thing that would know just enough about the network card to put incoming packets in one of N queues based on e.g. a filter on some header values (some hardware will do this for you!). Or just enough to know that NIC 1 is reserved by component A so component B cannot have it (at this time) (VFIO hardware can present multiple virtual devices). A block storage driver was something that knew component A owned blocks 1-10000 and component B owned blocks 10001-20000 (these days, enterprise NVMe could partition into multiple virtual devices in hardware!). No network protocols, no filesystems, etc., in the kernel, but still a central kernel that manages trust boundaries.

https://en.wikipedia.org/wiki/Exokernel
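To make the two multiplexing examples in the comment above concrete, here is an added illustration (not the commenter's code, and not from any real exokernel) of what "just enough" kernel logic looks like: a block-ownership table that only checks whether a component's requested LBA range falls inside one of its grants, and a packet demultiplexer that parses only as far as the UDP destination port to pick a queue. The component numbers, block ranges, port-to-queue filters and the sample packet are all constructed for the example; the kernel side knows nothing about filesystems or protocols beyond the bytes it needs to route.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical exokernel-style multiplexer. The "kernel" holds two tables:
 * which component owns which block range, and which header filter routes
 * a packet to which queue. Everything else (filesystem, protocol stack)
 * lives in untrusted userspace components. */

typedef int component_t;

/* Block ownership: inclusive LBA ranges [first, last], constructed to match
 * the comment's example (A owns 1-10000, B owns 10001-20000). */
struct block_grant { component_t owner; uint64_t first; uint64_t last; };
static const struct block_grant grants[] = {
    {0, 1,     10000},
    {1, 10001, 20000},
};

/* Returns 1 if component c may access blocks [lba, lba+count) and the whole
 * range lies inside one of its grants, else 0. The lba+count overflow guard
 * matters: a wrapped range would otherwise look like a small in-bounds one. */
int exo_block_allowed(component_t c, uint64_t lba, uint64_t count) {
    if (count == 0 || lba > UINT64_MAX - count) return 0;
    uint64_t end = lba + count - 1;
    for (size_t i = 0; i < sizeof grants / sizeof grants[0]; i++) {
        if (grants[i].owner == c && lba >= grants[i].first && end <= grants[i].last)
            return 1;
    }
    return 0;
}

/* Packet demux: Ethernet/IPv4/UDP, keyed on destination port only.
 * Port-to-queue mapping is constructed for the example. */
struct demux_filter { uint16_t udp_dport; int queue; };
static const struct demux_filter filters[] = {
    {53,  0},   /* component 0's queue */
    {443, 1},   /* component 1's queue */
};
#define NO_QUEUE (-1)   /* no owner: kernel drops it, no protocol knowledge needed */

int exo_demux(const uint8_t *pkt, size_t len) {
    if (len < 14 + 20 + 8) return NO_QUEUE;               /* eth + min ip + udp */
    uint16_t ethertype = (uint16_t)((pkt[12] << 8) | pkt[13]);
    if (ethertype != 0x0800) return NO_QUEUE;              /* not IPv4 */
    const uint8_t *ip = pkt + 14;
    if ((ip[0] >> 4) != 4) return NO_QUEUE;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || len < 14 + ihl + 8) return NO_QUEUE;   /* bounds before reading UDP */
    if (ip[9] != 17) return NO_QUEUE;                      /* not UDP */
    const uint8_t *udp = ip + ihl;
    uint16_t dport = (uint16_t)((udp[2] << 8) | udp[3]);
    for (size_t i = 0; i < sizeof filters / sizeof filters[0]; i++)
        if (filters[i].udp_dport == dport) return filters[i].queue;
    return NO_QUEUE;
}

/* Builds a minimal constructed Ethernet/IPv4/UDP frame (not captured traffic). */
size_t make_udp_packet(uint8_t *buf, size_t cap, uint16_t dport) {
    size_t n = 14 + 20 + 8;
    if (cap < n) return 0;
    memset(buf, 0, n);
    buf[12] = 0x08; buf[13] = 0x00;                 /* ethertype IPv4 */
    buf[14] = 0x45;                                 /* version 4, IHL 5 */
    buf[14 + 9] = 17;                               /* protocol UDP */
    buf[14 + 20 + 2] = (uint8_t)(dport >> 8);       /* UDP dst port */
    buf[14 + 20 + 3] = (uint8_t)(dport & 0xff);
    return n;
}

/* Convenience: which queue does a packet to this port land in? */
int demux_sample(uint16_t dport) {
    uint8_t buf[64];
    size_t n = make_udp_packet(buf, sizeof buf, dport);
    return exo_demux(buf, n);
}

int main(void) {
    printf("UDP dport 53  -> queue %d\n", demux_sample(53));
    printf("UDP dport 80  -> queue %d\n", demux_sample(80));
    printf("A reads block 5000:  %d\n", exo_block_allowed(0, 5000, 1));
    printf("B reads block 5000:  %d\n", exo_block_allowed(1, 5000, 1));
    printf("A reads 10000..10001: %d\n", exo_block_allowed(0, 10000, 2));
    return 0;
}
```

The point of the two checks is where the trust boundary sits: a component that has been fully compromised can still only issue requests, and the kernel's answer depends on the tables alone. The range check rejects a request that straddles two grants rather than clipping it, and the demuxer refuses to read past the length it validated, which is the kind of discipline a thin multiplexing kernel must get right precisely because it is the only thing standing between components.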



