One embodiment relates to a method for monitoring the security of a virtual machine hosted by a host system, the virtual machine comprising an operating system communicating with a hypervisor of the host system. The hypervisor interfaces between the operating system and hardware resources of the host system. The method comprises receiving at least one machine instruction corresponding to an interruption in the operating system, said interruption following an event having occurred in the virtual machine and executing the instruction by the hypervisor using the hardware resources of the host system and transmitting to the operating system a data stream including the result of the execution. The sent data stream is duplicated in a second stream and the second stream is analyzed by a security agent running on an entity separate from the virtual machine in order to detect a security problem during the processing of the interruption.