AI-assisted coding needs more than vibes; it needs containers and sandboxes

Summary of AI-assisted coding needs more than vibes; it needs containers and sandboxes

by The Stack Overflow Podcast

27mMarch 4, 2026
Listen to Episode

Overview of The Stack Overflow Podcast — AI-assisted coding needs more than vibes; it needs containers and sandboxes

This episode of The Stack Overflow Podcast (host Ryan Donovan) features Mark Kavich, President of Docker, in a discussion about how containers, hardened images, and sandboxing are evolving to meet the security, trust, and operational needs introduced by AI-assisted coding and autonomous agents. The conversation covers Docker’s Hardened Images (DHI), open-source vs. commercial offerings, migration paths, sandboxing (MicroVM-based), observability, and agent orchestration/tooling.

Key takeaways

  • Containers remain ubiquitous (roughly ~90% of companies in production) and are the natural runtime for the surge of code generated by AI agents.
  • Increased code generation amplifies supply-chain and security risks; Docker is addressing this with hardened base images, provenance tracking, SBOMs, CVE monitoring, and patch SLAs.
  • Docker Hardened Images (DHI) — most of the catalog is available under Apache 2.0 — provide a secure baseline; commercial tiers add guaranteed patch SLAs, extended life support, customizations, and enterprise compliance features.
  • Sandboxing for agents uses lightweight MicroVMs that can run containers inside isolated environments, giving agents freedom to act while retaining strong controls and observability.
  • You can persist sandbox changes into OCI containers (e.g., save an agent’s environment and share it), enabling templating and reproducible agent artifacts.
  • Tooling for migration (including AI-assisted migration), observability (OTEL-like feeds for filesystem, network, tool calls), and agent orchestration (MCP toolkit, C-Agent) are key pieces of Docker’s roadmap.

Topics discussed

  • Background: Mark Kavich’s experience and Docker’s position in the ecosystem
  • The “trust gap” created by AI-generated code and how containers factor in
  • What makes a container “hardened”: minimal attack surface, provenance, SBOM, vulnerability feeds, not running as root, stripped packages, patched dependencies
  • Docker Hardened Images (DHI) — scope, open-source availability, and exceptions (regulated/FIPS/commercial)
  • Commercial model: 7-day patching SLA (aiming lower), extended life support/backports for enterprise, build infrastructure and customizations
  • Migration approach: change Dockerfile FROM line, validate dependencies, AI-assisted migration tools in Docker Desktop
  • Sandboxing for agents: MicroVM-based, isolation controls (filesystem, network, secrets), observability, and dash--save ➜ OCI portability
  • MCP catalog & toolkit: hosted runtimes/services for agents to call just-in-time (Postgres, other popular services)
  • Agent orchestration and the microservice-like nature of agents
  • Docker Desktop improvements, Docker Offload (local/cloud blur) and developer workflows

What “hardened” containers include (technical summary)

  • Minimal attack surface: remove shells and unnecessary packages/tools
  • Secure configuration: non-root defaults, locked down ports, reduced capabilities
  • Provenance and integrity: tracking where binaries and dependencies came from to prevent supply-chain injection
  • SBOM (Software Bill of Materials): transparency about included components
  • Vulnerability feeds & CVE monitoring: integration with many feeds to detect and act on disclosures
  • Compatibility and regression testing: ensure hardened images still behave like upstream (compat testing across versions)
  • Patching and SLAs: upstream-equivalent cadence in free tier; faster, guaranteed SLAs (commercial) and backported fixes for enterprise

Docker’s open source vs commercial split

  • Open source (Apache 2.0): most of the DHI catalog (Node.js, OpenJDK, Python, Postgres, etc.) is freely available. Tooling to work with it is also published.
  • Commercial offerings:
    • Paid subscription for guaranteed patching SLA (currently 7 days, aiming faster).
    • Extended life support / backports for end-of-life dependencies (important for compliance/regulated industries).
    • Certified build infrastructure (Salsa 3-like) and “customizations” to make enterprise-specific base images easy to produce.
    • Enterprise tier for more regulated customers with compliance-specific features.

Sandboxing and agent safety

  • Sandbox architecture: MicroVM that can run containers (faster, lighter weight than traditional VMs), built into Docker Desktop and other surfaces.
  • Purpose: run untrusted or semi-trusted agents with a safe boundary so agents can mutate their environment but only within controlled limits.
  • Controls & capabilities:
    • File system, network, and resource controls
    • Observability: tool calls, FS calls, network calls, and future code intercepts (OTEL-style feeds)
    • Secrets management and policy controls are being added
    • Ability to save the sandbox image to OCI container (dash--save) and share/port it
  • Use cases: local agent development, running Copilot/Cursor/CloudCode safely, reproducible agent artifacts, policy-enforced execution

Migration and developer workflow

  • Migration is often as simple as changing the FROM line in a Dockerfile and rebuilding, but validation is needed to catch removed dependencies (e.g., a missing shell).
  • Docker provides tooling and AI-assisted migration agents in Docker Desktop to automate and validate migrations.
  • Docker Offload: hybrid model where Docker Desktop can offload compute to cloud machines that act like local desktops — helps scale agent workloads that need more CPU/GPU.

Observability & orchestration

  • Real-time telemetry planned: OTEL-like feeds for what agents do (tool/process calls, FS ops, network).
  • Dashboards (Docker and third-party) can visualize these feeds; enterprises can define rules and controls externally.
  • MCP catalog & toolkit: a registry of popular services agents can spin up just-in-time; MCP gateway exposes a find-and-exec interface so agents pull services as needed.
  • C-Agent and other projects provide agent orchestration primitives; agents increasingly resemble microservices and will be orchestrated similarly.

Who benefits and why it matters

  • Individual developers: safer local agent experimentation, reproducible sandboxes, easier migration to hardened baselines.
  • DevOps/SecOps: standardized hardened images, SBOMs, vulnerability feeds, and enterprise SLAs make compliance and risk management tractable.
  • Enterprises and regulated industries: extended life support, backported fixes, and certified build systems meet audit/regulatory needs.
  • Product teams shipping agent-enabled features: portability, observability, and sandbox controls let teams iterate securely.

Actionable recommendations (for developers and teams)

  • Start from hardened base images where possible to minimize attack surface and get SBOM visibility.
  • Use sandboxing for any agent or untrusted-actor workflow that touches local resources or secrets.
  • Instrument agent sandboxes with observability (logs, OTEL traces, FS & network events) and define rules/policies externally.
  • For production-critical services, evaluate commercial SLAs/backports and extended-life offerings if you need regulated compliance or long-term support.
  • When migrating, run validation tests to catch removed dependencies and use AI migration tooling to accelerate the process.
  • Treat agent-run workloads like microservices: plan for orchestration, lifecycle management, cost controls, and appropriate model selection for job types.

Notable quotes / soundbites

  • “Containers are an artifact that describes your application and lets you get it from point A to point B.”
  • “If you’re generating 10x the lines of code, you need more containers, not less.”
  • “A lot of people are generating code that is full of holes… the trust gap is huge.”
  • “Sandboxing gives you a new and lighter weight and clean, simple way to go put an agent in a box.”

Tools / projects mentioned

  • Docker Hardened Images (DHI)
  • Docker Desktop (with AI-assisted migration tooling)
  • Sandboxing (MicroVM-based sandbox for agents)
  • dash --save → export sandbox to OCI container
  • MCP catalog & MCP toolkit (registry & gateway for agent services)
  • C-Agent (agent construction/orchestration project)
  • SBOM, vulnerability feeds, CVE monitoring, Salsa 3-like build certification

Final note

The episode positions containers and sandboxing as foundational primitives for the agent-driven future: secure, observable, and portable runtimes that let developers and organizations scale AI-assisted code safely. Docker is pushing both free/open hardened images and commercial offerings (SLAs, extended support, enterprise tooling) to close the trust gap and enable safe agent adoption.