NanoClaw and Docker Sandboxes: Building the Next Generation of Secure AI Agents
The world of AI is rapidly changing from simply asking questions of intelligent systems to giving real work to autonomous AI agents. However, as these agents proliferate, there remains a major challenge: the lack of a secure, isolated infrastructure to run them safely in an enterprise environment. This is the problem being tackled by NanoClaw and Docker, whose recent collaboration represents a significant step forward in the development of AI agent security.
Claw too a multi-tenant orchestration layer for AI agents, born out of the need for a more secure and business-friendly solution. Creators Gavriel and Lazer Cohen, who founded a company called NanoCo, came from a public relations background and were looking to build a native AI marketing agency. While doing that, Gavriel came across OpenClaw, started using it, and saw it as a game changer.
“But,” explains Lazer Cohen, “he started looking at the code base and saw half a million lines of code, completely untested, and realized it wasn’t possible that way. So over the weekend, Gavriel started building what is now NanoClaw and posted it to Hacker News, where it reached number one, and that brought in the first few thousand GitHub stars and users.”
Lazer described NanoClaw as “adding another skilled worker who can go and manage their team of agents.”
On its blog, the project explained that “each NanoClaw an agent runs in its own container with its own file system, context, tools, and session. Your sales agent cannot see your personal messages. Your support agent does not have access to your CRM data. These are hard limits enforced by the OS, not commands given by the agent. “
It further noted that the MicroVM layer adds a second layer of security, so that if the agent gets out of its container, it will hit the VM wall, which provides security for your machine, files, credentials and other applications.
According to Mark Cavage, president and COO of Docker, the core of NanoClaw’s philosophy—providing a scalable, containerized, and open-source platform—is well aligned with Docker’s own vision of agent security. The company’s blog announcing the integration explained that all NanoClaw agents run within the Docker Sandbox utility, based on MicroVM that enforces strict isolation at the operating system level.
“We at Docker believe that the NanoClaw philosophy is the right philosophy, and it’s actually very much in line with the same conclusion we came to about how agents should be structured and how they should work,” Cavage told SD Times. “I keep saying that the sandbox project and the NanoClaw project are like peanut butter and jelly, and they’re two parts of the stack that kind of build on each other, because you really need the base layer to be secure and separate, and you need the real data and the agent layer to be secure and separate, and you can’t have one without the other and it makes sense to go along with it.”
Also related is the visibility that organizations rely on to track agent behavior, to ensure that agents don’t stray into places they don’t belong. Lazer Cohen said:Consciousness is mutual. You first need to be private and have clear boundaries and controls on what agents can and cannot access. Then you want to add visibility on top of that so you can monitor and oversee what they’re doing. “
NanoCo and Docker stressed that this is “the beginning of a conversation, not the end,” about the big plans ahead for the NanoClaw project and the continued progress on how to safely run agents.
