How can a VM handle a compromised host?
VM's are an abstraction we refer to for convenience. The underlying reality is that it's all code running on the host. You can protect a non running VM file with encryption, but a running VM client is running on the host, with host memory and host CPU. The host has access to everything.