Docker has launched Docker Sandboxes, using microVMs to provide strong isolation for AI coding agents. Each sandbox runs in a dedicated microVM with its own kernel and private Docker daemon, enabling full docker build/run/compose support without host-level privilege escalation. Docker built a new VMM from scratch to support macOS, Windows, and Linux natively using each OS's native hypervisor (Hypervisor.framework, Windows Hypervisor Platform, KVM), avoiding translation layers and achieving fast cold starts. The architecture enforces security boundaries at the infrastructure level rather than relying on the agent itself, with scoped file/network/secret access defined before the agent runs. Sandboxes are disposable, compatible with major AI coding agents (Claude Code, Codex, Copilot, Gemini CLI, etc.), and available today via a single install command.