NanoClaw latches onto Docker Sandboxes for safer AI agents • The Register
https://www.theregister.com/2026/03/13/nanoclaw_latches_onto_docker_sandboxes/
Publish Date: 2026-03-13 07:50:00
Source Domain: www.theregister.com
Exclusive: NanoClaw, an open source agent platform, can now run inside Docker Sandboxes, furthering the project’s commitment to security.
NanoClaw, as we noted recently, followed from an effort to address the security holes opened by OpenClaw, which attracted widespread attention earlier this year as a way to empower AI models to roam about the web and operate applications on users’ behalf and without many constraints.
NanoClaw already runs inside of containers, which makes it safer than running agent software on a local machine. Through a partnership with Docker, users can now install NanoClaw into a Docker Sandbox, a kind of micro VM that is more secure than a container because it’s isolated from the host system. A container is an isolated process on a shared kernel; micro VMs have their own kernel.
“With Docker Sandboxes, that boundary is now two layers deep,” explained Gavriel Cohen, co-founder of NanoClaw, in a blog post provided to The Register ahead of publication. “Each agent runs in its own container (can’t see other agents’ data), and all containers run inside a micro VM (can’t touch your host machine). If a hallucination or a misbehaving agent can cause a security issue, the security model is broken. Security has to be enforced outside the agentic surface, not depend on the agent behaving correctly.”
Lazer and Gavriel Cohen, founders of NanoClaw
Docker Sandboxes are supported on macOS (Apple Silicon) and Windows (x86), with Linux support due in a few weeks.
Mark Cavage, COO of Docker, told The Register in an interview, “Docker Sandboxes are a new primitive that has the ergonomics of Docker and what I describe as the ethos of Docker. But it’s fundamentally a different primitive. It’s actually a micro VM and it actually has true isolation with its own dedicated kernel and its own dedicated hardware space.”
As a…