Neat approach. Also, we're seeing a number of approaches to sandboxing every day now. Got me thinking about why we're seeing this resurgence. Thoughts?
I think a lot of this current sandboxing interest is coming from a break in assumptions. Traditional security mostly assumed a human was driving. Actions are chained together slowly and there’s time to notice and intervene. Agents have root access/tons of privilege but they execute at machine speed. The controls (firewalls/IAM) all still “work,” but the thing they were implicitly relying on (human judgment + hesitation) isn’t there anymore.
Since that assumption went away, we're all looking for ways to contain this risk + limiting what can happen if the coding agent does something unintended. Seeing a lot of people turn toward containers, VMs, and other variants of them for this.
Full disclosure: I’m at Docker. We’ve seen a lot of developers immediately reach for Docker as a quick way to fence agents in. This pushed us to build Docker Sandboxes, specifically for coding agents. It’s early, and we’re iterating, including moving toward microVM-based isolation and network access controls soon (update within weeks).
Hey - Srini from Docker here. We’ve seen a lot of developers turn to Docker for this use case and heard some mentions of the Docker-in-Docker block. We put out Docker Sandboxes in experimental preview as a potential answer. Still early but we're working on the next iteration based on MicroVMs and avoids Docker-in-Docker.
How does docker sandbox solve the docker-in-docker issue? Can Claude running in docker sandbox spin up other docker containers, without having privileged access?
I think a lot of this current sandboxing interest is coming from a break in assumptions. Traditional security mostly assumed a human was driving. Actions are chained together slowly and there’s time to notice and intervene. Agents have root access/tons of privilege but they execute at machine speed. The controls (firewalls/IAM) all still “work,” but the thing they were implicitly relying on (human judgment + hesitation) isn’t there anymore.
Since that assumption went away, we're all looking for ways to contain this risk + limiting what can happen if the coding agent does something unintended. Seeing a lot of people turn toward containers, VMs, and other variants of them for this.
Full disclosure: I’m at Docker. We’ve seen a lot of developers immediately reach for Docker as a quick way to fence agents in. This pushed us to build Docker Sandboxes, specifically for coding agents. It’s early, and we’re iterating, including moving toward microVM-based isolation and network access controls soon (update within weeks).