What's New in Docker Sandboxes (sbx) 0.35.0
Everything you want to know about the latest Docker sbx 0.35.0
Everything you want to know about the latest Docker sbx 0.35.0
Docker Model Runner supports three inference engines namely llama.cpp, vLLM, and Diffusers. Each engine has different strengths, supported platforms, and model format requirements. This blog article helps you in making a decision to choose the right engine and configure it for your use case.
Most developers running Claude Code today run it directly on their host machine. That means the agent shares an environment with your SSH keys, your AWS credentials, your browser sessions, and every other project on your laptop. A container helps, but a container is not a sandbox. A shared kernel
AI coding agents are brilliant right up until the moment they run rm -rf in the wrong directory, curl a script from who-knows-where, or leak a token you forgot was in your environment. The whole promise of Docker Sandboxes (sbx) is to give those agents a room of
Your weekly digest of Cloud-Native AI, Docker Sandboxes, and Model Context Protocol innovations.
Docker Sandboxes (sbx) runs your coding agent inside a microVM instead scoped to a single project directory, behind a network policy you control. Here's how to set it up on Windows, step by step.
Running an AI agent in a Docker Sandbox raises one question first: where do the API keys live. This hands-on guide wires the 1Password CLI into Docker Sandboxes so credentials resolve from your vault on demand and never sit in plaintext inside the container.
Docker. Kubernetes. Agentic AI.
The Laptop is the New Prod
Run the Pi coding agent in an isolated microVM in about ten minutes, with your API key kept on the host and out of the agent's reach. A step-by-step walk through the official Pi kit for Docker Sandboxes.
Claude Code sandboxed in a microVM, egress filtered, credentials never entering the VM ~ as a shareable kit. Here's how it works and how to build your own.
Docker Sandboxes give AI coding agents a real isolation boundary: a microVM with its own kernel, its own Docker daemon, and a proxy that mediates every outbound request. Most of what makes them genuinely useful isn't on the front page. Here are ten things worth knowing before you run your first one.
Run Docker Agent inside a microVM with one command. Hard VM isolation, workspace-only mount, and API keys that never cross the boundary.
Operational AI with Docker Book is live today. ๐
A behind-the-scenes recap of co-organizing the Nemotron 3 Super Meetup at Amadeus Labs, Bengaluru.
If you spend any amount of time on LinkedIn or X, you already know the feed is saturated with AI coding agents ~ Claude Code, Codex, Gemini CLI, Junie, and a new launch every other week. The hype is loud. The actual adoption inside real engineering teams is harder to read.
I tried running NVIDIA NemoClaw inside Docker Sandboxes to see what happens when you stack two isolation systems. It got seven layers deep before hitting a wall at /dev/kmsg
I've been deep in Docker sbx + Docker Model Runner for the past week. The combination is quietly the first real open-source implementation of "agent in a microVM, model on the host, zero cloud." Full walkthrough ~ 8 steps, every command tested on my Mac.
AI coding agents are incredibly useful until you realize they're running next to your SSH keys and AWS credentials. Here's how Docker Sandboxes changes that.
OpenClaw is not safe in its default configuration. With deliberate hardening running inside Docker Sandboxes, keeping it patched, binding the gateway to localhost, and auditing every skill, it becomes conditionally safe for personal use.