By Beth Pariseau
Publication Date: 2026-03-13 12:26:00
Docker is bringing AI agents, created as a safer alternative to the wildly popular OpenClaw, into its sandboxes, further shoring up their isolation from other processes and data for business use.
OpenClaw, an open source AI personal assistant, launched in November 2025 as Clawdbot (which quickly ran afoul of Anthropic’s Claude Code branding, leading to its name change) and amassed more than 20,000 GitHub stars in its first three months. It gave rise to a new category of “AI claw” agents, which run on local machines and use tools and apps installed there to take action on the user’s behalf with minimal supervision.
The potential risks of OpenClaw rose almost as quickly as its popularity — one high-profile report in February featured Meta’s director of AI safety racing to stop OpenClaw from deleting her email inbox. Bad actors took advantage of the tool’s popularity to conduct software supply chain attacks. OpenClaw’s default access to the entire local machine, plus its ability to communicate externally and its persistent memory, added up to major risks, including the installation of malware.
“OpenClaw was developed as a POC [proof of concept] by one guy who never intended it to go viral and be used in production,” said Torsten Volk, an analyst at Omdia, a division of Informa TechTarget. “Because it was a POC he did not worry about optimizing the architecture for security, but optimized the entire OpenClaw platform for functionality, ease of use and simple…
