In brief
- Tank OS bundles OpenClaw as a bootable system image.
- With this application, each agent runs in a separate container with its own credentials, and no instance can access the host machine or other agents.
- Security audits flagged 12–20% of ClawHub add-ons as destructive.
Red Hat principal software engineer Sally O’Malley spent a weekend solving a problem that most business IT teams do not know they have yet. The result is Tank OS, an open-source tool that packages OpenClaw, the hot new software that makes it simple to deploy AI agents, inside a secure, self-contained environment and delivers it as a ready-to-boot system image you can push to any machine: a cloud server, a virtual machine, or physical hardware.
Simply put, if you (or your agent) screw things up, this level of isolation would contain the damage to within “it’s great” territory.
Instead of manually installing OpenClaw on each computer and hoping somebody configured it properly, you deploy one image (a complete snapshot of the operating system plus the agent) and every machine that boots from it gets the exact same setup. Updates work the same way: swap the image, reboot, done. No manual patching.
The security piece is where Tank OS makes its name. Each OpenClaw instance runs inside a container, a kind of walled-off box inside the computer that can’t reach outside its own boundaries.
Critically, O’Malley used Podman, a container tool developed at Red Hat, which runs without administrator privileges. That means even if something goes wrong inside the container, it can’t touch the rest of the machine.
API keys, the “passwords” that connect OpenClaw to services like e-mail or Slack and let your machine communicate with all those services, are stored separately per instance. One agent can’t see another’s credentials. Nothing inside the container can reach the host system.
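The isolation properties described above (rootless Podman, no reach into the host, credentials kept per instance) can be checked from Podman's own JSON output. The following is an added example, not code from Tank OS or from the article; it reads trimmed `podman info` and `podman inspect` output, and the container names, secret names and sample data are constructed.

```python
import json

# Constructed sample data (not from Tank OS): trimmed `podman info` output and
# `podman inspect` output for two hypothetical agent containers.
PODMAN_INFO = {"host": {"security": {"rootless": True}}}
CONTAINERS = json.loads("""[
 {"Name": "agent-mail",
  "Config": {"Secrets": [{"Name": "mail-api-key"}]},
  "HostConfig": {"Privileged": false, "NetworkMode": "slirp4netns", "PidMode": "private"},
  "Mounts": [{"Type": "volume", "Source": "/var/lib/volumes/mail/_data", "Destination": "/data"}]},
 {"Name": "agent-slack",
  "Config": {"Secrets": [{"Name": "slack-token"}, {"Name": "mail-api-key"}]},
  "HostConfig": {"Privileged": true, "NetworkMode": "host", "PidMode": "private"},
  "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/host"}]}
]""")

def audit(info, containers):
    """Return a sorted list of (container, finding) pairs for isolation gaps."""
    findings = []
    if not info.get("host", {}).get("security", {}).get("rootless", False):
        findings.append(("*", "podman is running as root, not rootless"))
    owners = {}  # secret name -> containers that have it attached
    for c in containers:
        name, host = c["Name"], c.get("HostConfig", {})
        if host.get("Privileged"):
            findings.append((name, "privileged container"))
        for key in ("NetworkMode", "PidMode", "IpcMode"):
            if host.get(key) == "host":
                findings.append((name, f"shares host namespace via {key}"))
        for m in c.get("Mounts", []):
            if m.get("Type") == "bind":
                findings.append((name, f"bind-mounts host path {m.get('Source')}"))
        for s in c.get("Config", {}).get("Secrets") or []:
            owners.setdefault(s["Name"], []).append(name)
    # A secret attached to more than one agent breaks per-instance separation.
    for secret, users in owners.items():
        if len(users) > 1:
            for u in users:
                findings.append((u, f"secret {secret} shared with another agent"))
    return sorted(findings)

if __name__ == "__main__":
    for container, finding in audit(PODMAN_INFO, CONTAINERS):
        print(f"{container}: {finding}")
```

On a real host, the same function can be fed the parsed output of `podman info --format json` and `podman inspect` for the agent containers.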
O’Malley is herself an OpenClaw maintainer, meaning she helps developer Peter Steinberger decide which features ship and which bugs get fixed, with a particular focus on business use cases and Red Hat’s Linux community. Tank OS isn’t a third-party patch. It shows where somebody inside the project thinks enterprise hardening actually needs to go.
Security in the agentic AI era is extremely important, considering that almost everybody is now using these tools, but very few know what they actually do in order to run. This creates an open-door invitation for technically savvy hackers and attackers.
For instance, security researcher Mav Levin of DepthFirst disclosed CVE-2026-25253 in late January, a vulnerability rated 8.8 out of 10 on the severity scale used by security researchers worldwide. It was a one-click attack: visiting the wrong website while OpenClaw was running was enough to hand an attacker your login credentials and full control of your computer. The fix shipped January 30. More than 17,500 exposed instances were vulnerable before it did.
This repository is aimed at Red Hat’s business customers, but the idea of running agents in containers may be good advice even for home users.
“My function within OpenClaw is truly my interest in it,” O’Malley told TechCrunch. “How it’s going to look scaled out when there are countless of these self-governing agents talking with one another.”
Tank OS is available now at github.com/LobsterTrap/tank-os.
