diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 52aa648..29fc7f2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,8 +19,8 @@ jobs:
       - run: uv run pytest tests/test_filter.py -v
 
   e2e-linux:
-    runs-on: ubuntu-latest
-    timeout-minutes: 20
+    runs-on: ubuntu-latest-m  # KVM-enabled, ~90s vs ~4min under TCG
+    timeout-minutes: 10
     steps:
       - uses: actions/checkout@v5
       - name: Install uv
@@ -52,7 +52,7 @@ jobs:
             ${{ runner.temp }}/vm-state/mitmdump.log
 
   e2e-macos:
-    runs-on: macos-latest
+    runs-on: macos-latest-xlarge
     timeout-minutes: 20
     steps:
       - uses: actions/checkout@v5
diff --git a/README.md b/README.md
index af8d730..75c6df5 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# Agent VM
+# less-lethal: userspace LLM agent VM
 
 A sandboxed Debian VM with no direct internet access. All traffic is forced through a host-side [mitmproxy](https://mitmproxy.org/) that enforces an allowlist, giving full visibility and control over what the guest can reach. Runs on macOS (Hypervisor.framework) and Linux (KVM or software emulation). No sudo required.