
NanoClaw AI agents find a home in Docker Sandboxes

The minimal, containerized alternative to the viral OpenClaw gets an added dose of isolation from Docker microVMs, as 'AI claws' proliferate.

Docker is bringing NanoClaw AI agents, created as a safer alternative to the wildly popular OpenClaw, into its sandboxes, further shoring up their isolation from other processes and data for business use.

OpenClaw, an open source AI personal assistant, launched in November 2025 as Clawdbot (which quickly ran afoul of Anthropic's Claude Code branding, leading to its name change) and amassed more than 20,000 GitHub stars in its first three months. It gave rise to a new category of "AI claw" agents, which run on local machines and use tools and apps installed there to take action on the user's behalf with minimal supervision.

The potential risks of OpenClaw rose almost as quickly as its popularity -- one high-profile report in February featured Meta's director of AI safety racing to stop OpenClaw from deleting her email inbox. Bad actors took advantage of the tool's popularity to conduct software supply chain attacks. OpenClaw's default access to the entire local machine, plus its ability to communicate externally and its persistent memory, added up to major risks, including the installation of malware.

"OpenClaw was developed as a POC [proof of concept] by one guy who never intended it to go viral and be used in production," said Torsten Volk, an analyst at Omdia, a division of Informa TechTarget. "Because it was a POC he did not worry about optimizing the architecture for security, but optimized the entire OpenClaw platform for functionality, ease of use and simple extensibility."

NanoClaw, Docker team up on 'AI claw' for businesses

Into this picture stepped a new project, NanoClaw, developed by two brothers, Lazer and Gavriel Cohen, that wraps a stripped-down version of the Claude Code agent in a containerized orchestration layer. That project, launched in February, has garnered 20,000 GitHub stars and 100,000 downloads. It uses containers as a barrier between the AI agent and the local machine's OS to prevent it from having unbounded access to the entire machine.

"The OpenClaw moment is not about bringing something new to the table, but it's about connecting things that were already there and unlocking the capabilities that have been building for a long time with AI agents," said Gavriel Cohen, in an interview with TechTarget this week. "As soon as you see that vision, someone like me is able to come in and say, 'Okay, I could build this in a way that's actually secure and that could work for businesses, and could be production-ready.'"


A new partnership between Cohen's new company, NanoCo, and Docker Inc. will further shore up NanoClaw's security and connect it with the Docker toolchain that's already in use by enterprises.

Specifically, Docker will support NanoClaw in its Docker Sandboxes product, said Mark Cavage, president and COO at Docker, in an interview with TechTarget. Docker Sandboxes is an experimental feature in Docker Desktop that runs AI agents in a microVM on the local machine, further isolating them from the main OS.

"The infrastructure for the world needs to catch up with where AI agents are -- quite pointedly, agents break the container model," Cavage said. "The ecosystem of containers assumes immutability -- you build an image, you ship it, and you don't touch it at runtime. But the very first thing an agent does is, it wants to go mutate its environment. It wants to install packages. It wants to modify files. It wants to spin up databases. So you actually want something that is a bigger isolation boundary than a process jail, which is what Docker containers have been built on."

Running NanoClaw's container-based orchestration within a microVM protects against container escapes by AI agents, making it more difficult for attackers to use them to exploit vulnerabilities and defending against potentially damaging actions by the agents themselves.

"NanoClaw uses Docker Sandboxes to implement a modular architecture where individual agents, skills and processes are isolated based on centralized security policies that also define how these sandboxes can talk among one another," Volk said.

Lazer and Gavriel Cohen, creators of the NanoClaw AI agents project.

NemoClaw in the wings?

The development of new AI agent tools still hasn't slowed down -- no sooner did the Cohen brothers' AI marketing startup pivot to NanoClaw than reports surfaced this week about NemoClaw, a planned "claw" agent from AI powerhouse Nvidia, also built with enterprise security in mind. Those reports remain unconfirmed, but Nvidia is widely expected to divulge more details next week at its GTC conference.

Docker will remain platform agnostic, Cavage said. It also supports AI agents including Claude Code, OpenClaw and AWS Kiro.

Cohen predicted that what ultimately wins out among "claw" agents will depend on how easy it is to acquire and use for businesses.

"I think for businesses out there, there's still a lot of confusion or uncertainty about how to connect these agents and how to build it out and how to make it secure," he said. "What's going to work for businesses and for enterprises is not going to be about being the most secure. It's about building [something] that they can understand and reason about and easily deploy and figure out how to get quick value out of … that's what we're aiming to build."

NanoClaw development also continues apace, including plans for additional co-developed features with Docker.

"AI agents are going to need more and more things," Cavage said. "And you'd expect to be able to run sandboxes cheaply, easily in various places, let these things recursively spin up and so on."

Beth Pariseau, a senior news writer for Informa TechTarget, is an award-winning veteran of IT journalism.
