NanoClaw has partnered with Docker to enable running AI agents in isolated Docker Sandboxes with a single command. The setup handles cloning, configuration, and creates a secure environment where each agent runs in its own container inside a micro VM. Available now for macOS (Apple Silicon) and Windows (x86), with Linux support coming soon.

The architecture provides hypervisor-level isolation with millisecond startup times. Each agent gets its own filesystem, context, tools, and session - a sales agent can't access personal messages, and a support agent can't reach CRM data. The micro VM layer adds a second security boundary, ensuring that even if an agent breaks out of its container, it cannot touch the host machine.

This security model assumes agents are untrusted and potentially malicious, enforcing boundaries through architecture rather than instructions. Unlike alternatives that share environments, NanoClaw provides true isolation by default. The company is building toward enterprise-scale agent orchestration with features like controlled context sharing, agent creation, fine-grained permissions, and human approval workflows. NanoClaw positions itself as the secure runtime layer for agent teams operating at scale.