BRAWL is RIoT Secure’s lightweight WebAssembly (WASM) runtime designed specifically for resource-constrained IoT devices. Built on open standards such as WebAssembly and WASI, BRAWL enables developers to write portable, device-agnostic application logic that can be securely deployed, updated, and executed across heterogeneous hardware platforms. By adopting WebAssembly’s sandboxed binary format - the same technology powering modern browsers and cloud runtimes - BRAWL introduces a standardized execution layer for embedded systems. This allows application logic, AI-related workloads, and business rules to evolve independently of long-lived device firmware, dramatically simplifying lifecycle management in the field.
BRAWL runs WASM bytecode, delivered via RIoT Secure's management platform.
This lets you leverage standard tooling (e.g. wasm-opt, language compilers,
debuggers), for microcontroller firmware development.
Write Once, Run Anywhere - Now for IoT
In traditional embedded development, identical application logic must be recompiled and redeployed separately for each target architecture, resulting in widely varying firmware sizes and complex validation processes. BRAWL changes this model by standardizing application logic into WebAssembly bytecode.
To illustrate, consider a simple Arduino Blink Tutorial example compiled for different targets:
| Arduino Sketch | Target | CPU | Firmware | |
|---|---|---|---|---|
|
void setup() { pinMode(13, OUTPUT); } void loop() { digitalWrite(13, HIGH); delay(1000); digitalWrite(13, LOW); delay(1000); } |
Arduino UNO | Atmel ATmega328P | 930 bytes | |
| Arduino MKRZERO | Atmel SAMD21 | 10,072 bytes | ||
| Arduino Primo | ARM Cortex-M4 | 19,960 bytes | ||
| Arduino Due | ARM Cortex-M3 | 22,124 bytes | ||
| Genuino 101 | Intel Currie | 48,732 bytes | ||
Despite identical logic, firmware sizes vary dramatically. When compiled to WebAssembly and executed within the BRAWL runtime, the same application logic results in a 256-byte WASM module, deployable across all targets - independent of CPU architecture. This consistency reduces bandwidth usage, simplifies validation, and enables reliable firmware-over-the-air (FOTA) updates even over narrowband networks.
WebAssembly: → Blink.wat Using wat2wasm the resulting Blink.wasm file produced is a miniscule 256 bytes!
Designed for Constrained Devices - Without Compromise
BRAWL is purpose-built for embedded systems, delivering a secure, sandboxed runtime with near-native performance through optimized native bindings. The runtime provides controlled access to essential device functionality while preserving isolation and predictability. BRAWL is purpose-built for IoT, bringing the power of WebAssembly directly to microcontrollers. It delivers a secure, sandboxed runtime with lightweight execution, offering built-in bindings for essential peripherals like GPIO, I2C, SPI, UART and 1-Wire, while safely extending to native functions when needed. By adopting WebAssembly’s standardized instruction set, BRAWL ensures portability and predictability across devices.
WASM System Interface Definitions:
- brawl/device.gpio
- brawl/device.i2c
- brawl/device.onewire
- brawl/device.spi
- brawl/device.uart
- brawl/device.matrix
Enabling AI and Intelligent Edge Workloads
As AI and advanced data processing move closer to the edge, application logic and models evolve far more rapidly than underlying device firmware. BRAWL provides a natural execution layer for these fast-moving workloads, enabling AI-related logic to be delivered as compact, updatable WebAssembly modules. Combined with RIoT Secure’s lifecycle management platform, this allows organizations to:
- Update application logic and AI workflows without touching base firmware
- Reduce deployment risk through smaller, verifiable updates
- Maintain long-lived devices while continuously improving functionality
This decoupling is critical for operating intelligent IoT systems at scale.
Secure Delivery and Lifecycle Integration
BRAWL is tightly integrated with the RIoT Secure Platform. WebAssembly modules are securely delivered and managed through OASIS, using µTLS for efficient, encrypted communication. This ensures that every deployed module is authenticated, versioned, and traceable throughout its lifecycle. For environments where a dedicated application microcontroller is preferred, BRAWL complements - and can replace - FUSION, offering a software-defined alternative to hardware sandboxing while retaining the same lifecycle governance model.
Built for the Future of IoT
As the WebAssembly ecosystem continues to evolve, BRAWL is designed to take advantage of emerging standards such as WASI, WASI-IoT, and next-generation cryptographic extensions. This positions BRAWL as a future-ready execution environment capable of spanning microcontrollers at the edge, simulation environments, and even digital twins in the cloud. Just as Java and .NET standardized application development for servers and desktops, WebAssembly is standardizing execution across the web and cloud. BRAWL brings that same level of portability, safety, and predictability to IoT - enabling a single execution model from prototype to production, and from device to cloud.
BRAWL - portable execution for intelligent IoT, built on WebAssembly and designed for lifecycle management at scale.
