With the rise of agentic AI, developers need secure but also lightweight solutions for running their agents. The agent should be able to do all the things a human developer could do with containers — build them, install software into them, and modify files they have access to — but in a way that protects the host system from the agent doing something destructive.
Docker offers several different levels of isolation for running containers. Each comes with its own trade-offs. Some are faster, but less inherently secure; others are slower, but better protected against attack or egress. In April, Docker introduced a new kind of isolation for containers, one specifically designed to run AI agents: Docker Sandboxes.
Docker Sandboxes explained
Docker Sandboxes use what is called a “microVM” to isolate containers. A microVM is a virtual machine that runs on the native hypervisor of the host operating system for isolation. The “micro” comes from the design of the VM, which is specifically for running workloads that need to start up quickly, tear down quickly, and not gobble too many system resources.
The microVM itself is a custom-built, cross-platform project for Docker, designed to run directly on the hypervisor architecture for all three major platforms: Linux (KVM), macOS (Hypervisor.framework), and Microsoft Windows (Windows Hypervisor Platform). The behavior of the microVM is intended to be the same across the board, with native support for each hypervisor.
