VMM is smaller so fewer vulnerabilities exist here. Example: - Cross VM row hammer attack - Malware that exploits [[SGX - Fine-grain protection without a trusted VMM|SGX]] (If it runs in enclave, the VM/OS doesn't even know about it)