Docker, Inc

Agents may be the reason Docker Sandboxes exist, but they’re not the only use case. This InfoWorld article explains the architecture behind Docker Sandboxes, why microVMs provide a different isolation model than containers, and what that unlocks for developers running untrusted code, CI workloads, and agent workflows. Read → https://bit.ly/4uWi5S5

The internet was built to move information. Somewhere along the way, we turned that into a data extraction economy. In this episode of 'Ship Happens', host Per Ploug Krogslund talks with Ruben Verborgh, Professor at Ghent University, about how the way we package AI and data today is fundamentally broken, and why companies keep collecting data they still cannot actually use well. The conversation gets into decentralized data, AI agents acting in our interest, and why today’s AI business models may not survive contact with reality. Watch if you want a very different perspective on where AI systems, agents, and the web may be headed next → https://bit.ly/3RndRUC

The best engineering tips don’t always come from a handbook. They come from developers solving real problems every day. We asked Docker Captains to share the Docker tips they wish every engineer knew. The result is seven best practices that can help you help you build leaner images, avoid common mistakes, improve security, and get more out of your workflows. From building leaner images with multi-stage builds and limiting container privileges to using Docker Scout to spot issues early, these are lessons learned from years of hands-on experience. Read the tips from our Captains Mohammad-Ali A'RÂBI, Rafael P., Karan Verma, Sergio Lopes, Khushboo Verma, and Anjan Kumar Ayyadapu https://lnkd.in/gUzGGgkW

How many times have you researched the same topic twice because the first round of notes was buried somewhere in Slack, a doc, or a browser tab? This post shows how to build a repeatable research workflow with Docker Agent, Docker Model Runner, and a custom skill that pulls recent articles, analyzes trends, and generates a structured report you can keep as a repeatable artifact. If you're building with local models, this shows how to turn a one-off prompt into something you can actually reuse: https://bit.ly/4lVqWzz

Why are hardened images suddenly everywhere? This RedMonk piece by Kate Holterhoff, Ph.D. goes beyond the vendor announcements and gets into the underlying pressures driving adoption: NVD enrichment is shrinking, AI is accelerating vulnerability discovery, and supply chain attacks are becoming harder to ignore. It also gets into the practical reality developers face: why vulnerabilities in base images often become a problem for application teams, even when the underlying packages are outside their control. Understanding that dynamic helps explain the rise of image hardening across the industry. Read: https://bit.ly/4vu9m9w

What happens when thousands of employees start running agents? This Techstrong.ai article covers our recent Docker AI Governance announcement and the problem it was built to solve - namely, that agents need broad access to be useful, while most organizations have little visibility into what they’re doing, what they’ve accessed, or how to enforce consistent controls. The key idea: policy has to live where the agent actually runs. This piece helps explain how Docker combines sandbox isolation, network controls, credential management, and MCP governance into a single layer for managing agent execution. Read → https://lnkd.in/eTGxvF-g

That’s a wrap on LeadDev London! One theme that kept coming up: teams want the speed of AI agents without losing control of what gets built, deployed, and shipped. Over the last two days, Docker has been sharing talks, live demos, roundtables, and community discussions - all focused on agent autonomy, isolation, governance, and secure software delivery. The conversations showed how quickly agentic development is moving from experimentation to implementation, and why isolation, trust, and governance are becoming part of the developer workflow itself.

Packed room for Docker CISO, Mark Lechner at LeadDev London! His session, 'Ship 10x Code Safely With Agents', focused on a challenge many teams are already running into: how to close the trust gap between AI-generated code and production systems without compromising security. Strong signal that the conversation is moving beyond code generation and toward what it actually takes to ship AI-assisted software safely.

One command. Total host filesystem compromise. In issue 2 of 'AI Coding Agent Horror Stories', Ajeet Singh Raina breaks down the infamous rm -rf ~/ incident, where an agent wiped a developer’s home directory while trying to clean up an old repo. The important part is not the typo. It’s the execution model behind it. The post walks through why these failures keep happening, as well as the architectural shift teams are starting to make: moving agents into isolated execution environments where the blast radius is contained by design. Read issue 2 →