With the rise of agentic AI, developers need solutions for running their agents that are both secure and lightweight. The agent should be able to do everything a human developer can do with containers — build them, install software into them, and modify the files it has access to — while the host system stays protected from anything destructive the agent might do.
Docker offers several levels of isolation for running containers, each with its own trade-offs. Some are faster but less inherently secure; others are slower but better protected against attack and against unwanted network egress. In April, Docker introduced a new kind of isolation designed specifically for running AI agents: Docker Sandboxes.
Docker Sandboxes explained
Docker Sandboxes use what is called a “microVM” to isolate containers. A microVM is a virtual machine that runs on the host operating system's native hypervisor, so the isolation boundary is the hypervisor rather than the host kernel. The “micro” refers to the design of the VM, which is built for workloads that need to start quickly, tear down quickly, and not consume too many system resources.
Docker's microVM runtime is a custom-built, cross-platform project designed to run directly on the native hypervisor of all three major platforms: Linux (KVM), macOS (Hypervisor.framework), and Microsoft Windows (Windows Hypervisor Platform). The microVM is intended to behave the same on each, with native support for each hypervisor.
Normally, the Docker daemon runs directly on the host, and containers share the host kernel. They run with minimal overhead, but with less isolation than a full VM provides. With Docker Sandboxes, each sandbox runs in its own microVM with its own kernel and its own isolated instance of the Docker daemon. No persistent state is kept in the microVM, so a sandbox can be killed and restarted as needed.
Docker Sandboxes and agentic AI
The combination of fast start-up, low overhead, and full isolation is designed to make Docker Sandboxes a better environment for AI agents than either regular containers or full VMs. Regular containers share the host kernel and so do not isolate an AI agent from the host well enough to keep it from causing problems, while full VMs carry too much overhead to suit the ad hoc nature of agentic workloads.
A sandbox provides whatever runs inside it with locally scoped access to directories, network endpoints, and secrets, all of which are injected at run time rather than being part of the container's definition. The agent can run all of Docker's commands (build, run, compose), but in complete isolation from other containers and from the host system.
Even with these enhancements, there is still potential for problems. A sandboxed agent could pull and build containers without restraint, for example, consuming bandwidth and system resources. Those kinds of misbehavior, however, are far easier to contain and clean up after than, say, a trashed host system or deleted production data.
Docker Sandboxes beyond AI
Although Docker Sandboxes were designed for AI coding agents, their feature set extends to scenarios well beyond agentic AI workloads. Docker Sandboxes add another level of isolation and flexibility to containers in general.
Consider malware analysis. A sample run in a microVM could be put through many different analysis scenarios, more in a given timeframe than with a conventional VM, because microVMs start and stop faster. The hypervisor boundary then becomes the trust boundary, so the host-side controls over which directories and network endpoints the sandbox can reach matter as much as the microVM itself.
Other scenarios also come to mind, as noted by Nathan Flurry of Rivet. One is letting third parties run untrusted code. A coding platform that allows users to upload and run their own code, for instance, could be configured to execute that code in microVMs and to terminate it cleanly and automatically (for example, when a resource quota is exhausted). Another is software build pipelines: by isolating each build inside its own microVM, teams could prevent conflicts between builds and achieve more predictable performance.
Right now, the Docker Sandbox system caters primarily to agentic AI clients, but it is possible to start a shell and run your own code inside a sandbox. You can also build a custom sandbox from a template or a kit, although kits are still experimental.
Docker Sandboxes and their companion tools open the door to any number of experiments with microVMs. AI agents may be the founding and most prominent use case for Docker Sandboxes, but they are only the tip of the iceberg.