Sally O'Malley Develops Security Layer for OpenClaw Agents with Tank OS

Over a weekend, Sally O’Malley, principal software engineer at Red Hat, addressed an emerging challenge within enterprise IT by creating Tank OS. This open-source tool encapsulates OpenClaw—the latest innovation in AI agent deployment—within a secure and self-contained environment, providing a system image ready for deployment on any device: cloud servers, virtual machines, or physical hardware.

Tank OS ensures that if something goes awry with the software or its user, the damage remains isolated. Rather than manually setting up OpenClaw on each machine, users can deploy a single image containing both the operating system and the agent. This guarantees uniformity across all devices running from it. Updates are simplified: replace the image and reboot.

The security aspect of Tank OS is pivotal; each OpenClaw instance operates within a container that acts as an isolated environment, incapable of interacting with anything outside its bounds. O’Malley leveraged Podman, Red Hat’s containerization tool that functions without administrative privileges, ensuring issues inside the container do not affect the entire system.

API keys necessary for connecting OpenClaw to services such as email or Slack are stored separately per instance, preventing cross-instance visibility of credentials and maintaining isolation from the host system.
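
An added example, not code from Tank OS or OpenClaw: a small Python audit of the properties described above (rootless, unprivileged containers and per-instance credentials kept apart from the host) run over a constructed inventory. The inventory format and every field, instance and secret name are hypothetical.

```python
from collections import defaultdict

# Constructed sample inventory in a hypothetical format (not Podman or Tank OS output).
INSTANCES = [
    {"name": "agent-a", "runtime_uid": 1001, "privileged": False,
     "secrets": ["agent-a-slack"], "host_mounts": []},
    {"name": "agent-b", "runtime_uid": 1002, "privileged": False,
     "secrets": ["agent-b-email", "agent-a-slack"], "host_mounts": []},
    {"name": "agent-c", "runtime_uid": 0, "privileged": True,
     "secrets": ["agent-c-email"], "host_mounts": ["/home/ops/.config"]},
]


def audit(instances):
    """Return sorted (instance, finding) pairs for isolation violations."""
    findings = set()
    secret_users = defaultdict(set)  # secret name -> instances that reference it
    for inst in instances:
        name = inst["name"]
        if inst["runtime_uid"] == 0:
            findings.add((name, "runs as root"))
        if inst["privileged"]:
            findings.add((name, "privileged container"))
        for path in inst["host_mounts"]:
            findings.add((name, f"host path mounted: {path}"))
        for secret in inst["secrets"]:
            secret_users[secret].add(name)
    # A credential referenced by more than one instance breaks per-instance isolation.
    for secret, names in secret_users.items():
        if len(names) > 1:
            for name in names:
                findings.add((name, f"secret shared across instances: {secret}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(INSTANCES):
        print(f"{name}: {finding}")
```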

As an OpenClaw maintainer, O’Malley contributes to feature development and bug resolution, focusing on enterprise applications within Red Hat’s Linux ecosystem. Tank OS is more than a third-party fix; it represents internal insights into necessary enterprise enhancements.

Given the growing usage of agentic AI tools, security becomes paramount, especially as many users do not understand how these tools operate, exposing systems to potential attacks. In January, Mav Levin of DepthFirst highlighted CVE-2026-25253, a severe vulnerability that allowed attackers to gain control when a user simply visited a webpage while OpenClaw was active. The fix was deployed on January 30, but over 17,500 instances were at risk before then.

While Tank OS targets Red Hat’s enterprise customers, containerizing agents is sound advice for individual users as well.

“My involvement in OpenClaw stems from my interest and vision of its large-scale deployment with millions of interacting autonomous agents,” O’Malley shared with TechCrunch. Tank OS can be accessed at github.com/LobsterTrap/tank-os.
