I think this definition is very clear and concise:
What are Kata Containers?
You're taking your container and we're looking to add an extra layer of
isolation. So we're not saying that containers are terrible, it's just we
think that defence at depth makes a lot of sense, depending on your security
profile. So what we do on a per-container basis, or per-Pod if you're in the
Kubernetes space, is launch a lightweight virtual machine and inside of that
instantiate your container, and the rest of it is just us doing plumbing so
that way it's not a lot of overhead for you and that just works.
I think this definition is very clear and concise:
Taken from here
Also this is of interest: Kata Containers: Secure, Lightweight Virtual Machines for Container Environments