Welcome to the March edition of Docker Navigator. Missed an issue? Read past issues in our collection.
Docker is expanding the hardened foundation of the container stack with the introduction of Docker Hardened System Packages and continued guidance on running hardened images in production. At the same time, AI agents are moving deeper into real workflows, raising new expectations around isolation, vulnerability clarity, and runtime control. This edition explores how to strengthen your supply chain, reduce CVE noise, sandbox agent execution, and improve local AI performance across the stack.
Announcing Docker Hardened System Packages
Secure your container stack from the base image down. Docker Hardened System Packages offer multi-distro, secure-by-default components with near-zero CVEs. Every package is source-built and patched by Docker, cryptographically attested, and backed by an SLA. Learn how to get started in the Hardened packages docs.
Hardened Images Are Free: Now What?
Docker Hardened Images are free and include VEX attestations. The post shows how to adopt DHI, tune scanner policy, and use the waterline model to clearly separate Docker-owned base-layer fixes from what your team owns above it. It also emphasizes making policy-driven, auditable vulnerability decisions with the container as the unit of truth.
Docker News
State of Agentic AI Report: Key Findings
This report highlights key findings from 800+ global leaders on agentic AI adoption, barriers, and where production AI is headed. It reveals trends around deployment readiness, security concerns, and why containerization matters for agent workflows.
Gordon (Beta): Docker’s AI Agent Just Got an Update
Meet Gordon, Docker’s AI agent now in beta in Docker Desktop. It understands your containers and local environment to help generate Dockerfiles, debug builds, and suggest fixes. The update speeds up development workflows with context-aware AI assistance.
Docker Model Runner Brings vLLM to macOS with Apple Silicon
Docker Model Runner now supports the vllm-metal backend on macOS with Apple Silicon, enabling high-performance local LLM inference using Metal GPU acceleration. This unlocks faster, cloud-free model execution for developers running self-hosted AI workloads.
Dive Deep: Security, Scale, and Production Workflows
As AI workloads mature, execution control and vulnerability signal matter more than ever. These deep dives explore securing agent logic with the 3Cs framework, isolating runtime with Docker Sandboxes, filtering CVE noise with VEX, and strengthening your container foundation for production AI.
The 3Cs: A Framework for AI Agent Security
The 3Cs framework defines a practical approach to securing AI agents by focusing on agent logic, connectivity, and compute to reduce risk in real-world deployments. It gives developers a security-centric model for building and operating agent workflows with confidence.
The Future of Building AI Agents with E2B | Ship Happens Podcast
In the latest podcast episode, we explore the world of AI sandboxes with Vasek Mlejnsky, founder of E2B. He reveals how safe, scalable execution environments are reshaping the future of AI agents. Discover the origin story, the open-source strategy, and the vision powering one of the most exciting tools in AI infrastructure today.
Run OpenClaw Securely in Docker Sandboxes
Run OpenClaw securely in Docker Sandboxes for private, local AI coding with strong runtime isolation. The guide shows how to pair it with Docker Model Runner to keep execution contained and cloud-free.
Running NanoClaw in a Docker Shell Sandbox
Learn how to run NanoClaw in Docker Shell Sandboxes with strong isolation and proxy-managed API keys. This guide shows secure local execution for AI assistants without cloud exposure.
Reduce Vulnerability Noise with VEX: Wiz + Docker Hardened Images
Learn how VEX statements help filter out irrelevant CVE noise when using Docker Hardened Images so teams can focus on real risk. The post walks through practical ways to improve vulnerability signal quality in production environments.
Around the Community
Connect with the Docker community to learn, ask questions, and stay up to date with what’s new in containerization. Explore the Docker Forum for active discussions and our Events page for what’s happening next.
- This recent community thread explores unexpected disk growth under Docker and containerd. The community's reminders: check actual usage with docker system df -v plus df -h; remember that anything a container writes outside bind mounts/volumes lands in its writable layer; and be aware that there may be leftover/orphaned containerd snapshots due to garbage-collection quirks.
- Check out the newly launched Labs within Docker docs, where developers can complete a hands-on workshop.
On the Calendar
Meet our Product and Engineering teams at leading tech conferences, where they share expertise, explore Docker’s latest advancements, and collaborate with the global tech community to shape the future of innovation.
- NVIDIA GTC AI Conference 2026 — San Jose, CA, USA — March 16-19
  - Visit the Docker booth at NVIDIA GTC to see how we help teams ship GPU-powered AI safely with sandboxed agent execution and built-in governance. Join us at the Docker x ClickHouse meetup (free, RSVP required) during GTC for an early look at how Docker is making it easy to build and ship agents!
- MCP DevSummit — New York, NY, USA — April 2-3
  - Visit the Docker booth to see demos for MCP Catalog + Toolkit, run models locally with Docker Model Runner, and ship safer with Docker Hardened Images.
Can’t make it in person? Join upcoming Docker webinars live or on demand.
Explore sessions designed to improve AI workflows, strengthen your software supply chain, and keep you up to date with Docker’s latest tools.
- March 25, 2026 | 8am PST, 11am ET (Live): The State of AI Agents: Insights From 800+ Builders and Leaders
  AI agents are moving into production, but scaling exposes operational gaps. Join this webinar for new research on leading use cases, top blockers to enterprise adoption, and how the Model Context Protocol supports a flexible, future-ready foundation.
- On-Demand Webinars: Explore Docker’s webinar library for sessions from Product and Engineering teams, including:
  - Running Hardened Images in Prod: Beyond CVE Counts
    How teams validate, roll out, and operate Docker Hardened Images in production, with DHI Enterprise support for patching, compliance, and customization at scale.
  - How n8n Uses Docker Hardened Images
    A real-world look at securing critical AI and DevOps workflows with DHI.
  - Securing the Modern Software Supply Chain (7-part series)
    Strategies for delivering minimal, production-ready images with near-zero CVEs and significantly reduced attack surface.
That’s a Wrap
Thank you for reading Docker Navigator! If you enjoyed this issue, please share it with your friends so they can subscribe now.
Got any feedback or suggestions for our next issue? Send comments to newsletter@docker.com.