
hun3, today at 12:26 PM

No, "virtual machine" alone doesn't make things safer.

Shrink your attack surface.

Use a completely locked down seccomp. Use nsjail or gVisor for containers. Use microvm or libkrun for a full OS.

A smaller attack surface is what matters. Virtualization is only half of the story.