Just published on the official Docker blog: "The Untrusted Autonomous Workload" by my partner @heyvaldemar (fellow Docker Captain).

What stood out for me as a DA: the section on what microVMs can't protect against. The workspace is shared by design, and the piece walks through what that means concretely. Honest security architecture writing is rare.

https://www.docker.com/blog/untrusted-autonomous-workload-ai-sandboxes/

#DockerSandboxes #AIAgents #DevRel #DevSecOps #MicroVMs

The Untrusted Autonomous Workload and AI Sandboxes | Docker

Learn why AI coding agents need stronger isolation, how Docker Sandboxes use microVMs, and what secure autonomous workloads require.

Docker

New on Docker's blog: I let Claude Code rewrite my entire blog — 146 posts, 6,024 images. It worked. I also stopped understanding my own codebase.

That feeling is exactly why Docker had to build Sandboxes.

https://www.docker.com/blog/untrusted-autonomous-workload-ai-sandboxes/

#DockerSandboxes #AIAgents #ContainerSecurity #MicroVMs #DevSecOps

"Your Container Is Not a Sandbox" — an entire article on container security that never mentions SELinux. Not once. That's not an oversight, it's an agenda.

I'm not anti-microVM. But containers *do* contain. I run OpenClaw --read-only with SELinux enforcing. Add seccomp, dropped caps, user namespaces — defense in depth works.

https://emirb.github.io/blog/microvm-2026/

#containers #SELinux #microVMs #Linux #security

🐧✨ "Local-first #Linux #MicroVMs for macOS" is basically a hipster's dream: tiny, ephemeral VMs that are the tech equivalent of a gluten-free, artisanal, cold brew coffee. ☕️🚫 It's like #Docker, but with more #buzzwords and fewer reasons to exist. 😂💻
https://shuru.run #LocalFirst #macOS #TechHumor #HackerNews #ngated

shuru - Local-first microVM sandbox for AI agents

Local-first microVM sandbox for AI agents on macOS

https://docs.docker.com/ai/sandboxes/ - #Docker #Sandbox is now based on #MicroVMs so it can block or augment network traffic from the #AI #Agent. E.g. inject credentials. #security #containers

Docker Sandboxes

Run AI coding agents in isolated environments

Docker Documentation

Clan is ambitiously planning a secure peer-to-peer #platform but can't decide if it's a blog, a chat, or a code project. 🤔 Apparently, they're using everything but the kitchen sink: #Nix, #microVMs, and even GPUs. 😂 Here's to hoping it can "beat" Big Tech by 2025, because nothing says success like a confusing 8-minute read! 🚀
https://clan.lol/blog/towards-app-platform-vmtech/ #secureP2P #development #BigTech #HackerNews #ngated

Towards a secure peer-to-peer app platform for Clan

feat. Nix, microVMs, and GPUs

Bottlefire – Build single-executable microVMs from Docker images

https://bottlefire.dev/

#HackerNews #Bottlefire #Docker #MicroVMs #Containerization #DevOps

Has anyone ever heard of #katacontainers (https://katacontainers.io)?

These are #microvms and are supposed to be more secure than #container, but lighter than VMs. Sounds exciting, especially since they can be used as a #runtime in #docker or #k8s.

I only read about it yesterday, when I was looking into #firercracker (https://firecracker-microvm.github.io).

Kata Containers - Open Source Container Runtime Software

Kata Containers is an open source container runtime, building lightweight virtual machines that seamlessly plug into the containers ecosystem.

At #KubeConNA2024, we demoed super fast, hardware-protected micro-VMs with Hyperlight—executing untrusted code in just 900µs!

Read how we achieved this & try the demo yourself: 🔗 https://opensource.microsoft.com/blog/2025/02/11/hyperlight-creating-a-0-0009-second-micro-vm-execution-time/

#RustLang #WebAssembly #CloudNative #MicroVMs

Hyperlight: Achieving 0.0009-second micro-VM execution time - Microsoft Open Source Blog

In this post, we’ll take the demo application and show how it demonstrates one way you can use Hyperlight in your applications. Learn more.

Microsoft Open Source Blog