NanoClaw, the open-source AI agent platform built as a security-focused alternative to OpenClaw, has formally partnered with Docker to run agents inside Docker Sandboxes — lightweight micro VMs that give enterprises a two-layer isolation boundary around every agent they deploy.

What Changed

NanoClaw already ran agents inside Docker containers, which isolates processes from the host machine. The new Docker Sandboxes integration goes further: each agent now runs in a micro VM with its own kernel, not just its own container namespace. That means even if an agent escapes its container, it still hits a hypervisor-level wall before reaching the host system or adjacent workloads.

"With Docker Sandboxes, that boundary is now two layers deep," said Gavriel Cohen, NanoClaw co-founder. The stack is explicitly designed around the assumption that agents will misbehave — through prompt injection, model errors, or attack vectors nobody's anticipated yet.

The Enterprise Case

Modern agents connect to live data, execute code, and operate inside collaboration platforms like Slack, Discord, and Telegram. That scope creates real exposure: a sales agent that can read a CRM shouldn't be able to reach personal messages. NanoClaw enforces those boundaries at the OS level, not through instructions given to the model.

The install is a single curl command on macOS (Apple Silicon) and Windows/WSL. Linux support is rolling out in the coming weeks.

Why It Matters

Most agent security discussions happen at the software layer — guardrails, policies, system prompts. NanoClaw and Docker are pushing isolation down into infrastructure, where it's harder to bypass. It's a bet that enterprise adoption hinges not on what agents can do, but on what they provably cannot do to the systems around them.