NanoClaw partnered with Docker to run each AI agent in its own Docker Sandbox (micro VM + isolated Docker daemon), delivering hypervisor-level per-agent isolation and a one-command installer for macOS (Apple Silicon) and Windows (WSL), with Linux support coming soon. The release emphasizes a "design for distrust" security model, with hard boundaries between agents and the host, and outlines what scaling agent teams will need: controlled context sharing, persistent agents, fine-grained permissions, and human-in-the-loop approvals.