The world of AI is rapidly shifting from simply asking intelligent systems questions to delegating real work to autonomous AI agents. However, as these agents proliferate, a critical challenge remains: the lack of secure, isolated infrastructure to run them safely within an enterprise environment. This is the problem being tackled by NanoClaw and Docker, whose recent collaboration marks a significant step forward in the evolution of AI agent safety.
NanoClaw is a multi-tenant orchestration layer for AI agents, born out of the necessity for a more secure and enterprise-ready solution. Creators Gavriel and Lazer Cohen, who have founded a company called NanoCo, came from a public relations background and were looking to build an AI native marketing agency. In the course of doing so, Gavriel came across OpenClaw, started using it, and saw it as a game-changer.
“But,” Lazer Cohen explained, “he started looking at the code base and saw half a million lines of code, totally unvetted, and recognized that it’s just not feasible in that sense. So over the weekend, Gavriel began building what is now NanoClaw and posted it on Hacker News, where it went to number one, and that brought in the first couple of thousand GitHub stars and users.”
Lazer described NanoClaw as “adding another very competent employee that can go and manage their team of agents.”
On its blog, the project explained that “each NanoClaw agent runs in its own container with its own filesystem, context, tools, and session. Your sales agent can’t see your personal messages. Your support agent can’t access your CRM data. These are hard boundaries enforced by the OS, not instructions given to the agent.”
It went on to note that the MicroVM layer adds a second layer of security, so that if an agent were to break out of its container, it would hit the VM wall, which provides security for your machine, files, credentials and other applications.
According to Mark Cavage, president and COO of Docker, the core of NanoClaw’s philosophy—providing an auditable, container-isolated, and open-source platform—perfectly aligned with Docker’s own vision for agent security. A company blog announcing the integration explained that every NanoClaw agent runs inside a disposable, MicroVM-based Docker Sandbox that enforces strong operating system-level isolation.
“We at Docker believe the NanoClaw philosophy is the right philosophy, and it’s actually very much aligned with the same conclusion we had come to in terms of how agents should be structured and how they should run,” Cavage told SD Times. “I keep saying the sandbox project and the NanoClaw project are like peanut butter and jelly, and they’re two parts of the whole stack that kind of build each other up, because really you need the foundational layer to be secure and isolated, and you need the actual data and the agent layer to be secure and isolated, and you can’t have one without the other and have it make sense. And so the two of them kind of are very complementary.”
Also complementary to that is the observability that organizations rely on to track agent behavior, so as to ensure the agents aren’t straying into areas where they don’t belong. Lazer Cohen said, “Observability is complementary. You need to first have isolation and a clear boundary with controls over what agents can and cannot access. Then you want to add observability on top of that to be able to monitor and have oversight over what they are doing.”
NanoCo and Docker emphasized that this is “the start of the conversation, not the end,” with big plans ahead for the NanoClaw project and continued progress in how to run agents securely.