Sign In Get Started
Newsletter

Docker Navigator: AI Workflows, Container Security, and Build Reliability

Issue #0029
May 14, 2026
Payal Sharma

Stay in the know

Stay up to date on the latest Docker news, opinions and tools.

Thank you for your interest. The Docker Team will be in touch.
May 12, 2026

Docker AI Governance: Unlock Agent Autonomy, Safely

Introducing Docker AI Governance: centralized control over how agents execute, what they can reach on the network, which credentials they can use, and which MCP tools they can call, so every developer in your company can run AI agents safely, wherever they work. Your laptop is the new prod Agents are the biggest productivity unlock…

headshot srini sekaran square
Srini Sekaran

Read now

Docker Captain May 7, 2026

Comparing Different Approaches to Sandboxing

Docker Captain Siri Varma Vegiraju compares sandboxing methods for AI agents, from containers to microVMs. Learn how Docker Sandbox improves isolation, security, and performance.

441339584 557777130241153 3750391772851754789 n Siri Varma Vegiraju
Siri Varma Vegiraju

Read now

Welcome to the May edition of Docker Navigator. Missed an issue? Read past issues in our collection

AI is moving from generating code to executing it, changing what developers need from the systems around it. This issue looks at what that means in practice, from hardening container images without breaking real builds to isolating untrusted workloads and responding to supply chain attacks. Those same constraints show up as teams run agent-driven workflows, build AI systems locally, and move from blocked deployments to production-ready environments.

Docker Hardened Images

Why We Chose the Harder Path: Docker Hardened Images, One Year Later

Hardening images sounds straightforward until stripping packages starts changing how they behave in real builds. Hardened Images took a different path: reduce real risk without breaking developer workflows. A year in, here’s where those tradeoffs landed.

Why MicroVMs: The Architecture Behind Docker Sandboxes

Some workloads need stronger isolation than containers alone can provide. Docker Sandboxes use microVMs to give each workload its own kernel and environment. A stronger boundary for running code locally without exposing the host.

Docker News

Trivy, KICS, and the Shape of Supply Chain Attacks So Far in 2026

A malicious image was pushed to a trusted Docker Hub namespace and pulled before it was caught. It’s part of a growing pattern in 2026: attackers targeting repositories developers already trust. The risk isn’t just unknown images, it’s the ones that look familiar.

Precision Container Security with Docker and Black Duck

Black Duck now recognizes Docker Hardened Images and uses VEX data to suppress CVEs that don’t actually affect your application. Less noise in scan results, shorter triage, and no changes to your build process.

Dive Deep: Running AI Agents Safely and Moving Local AI into Real Workflows

AI agents are moving beyond assisted coding into environments where they execute code, interact with systems, and operate inside CI pipelines. At the same time, more AI workloads are moving local to improve control, performance, and reliability. These deep dives look at what it takes to run those workflows safely, from isolated execution to production-ready deployments.

Claude Skills Directory

Running AI Agents in Real Workflows

Docker’s coding agent sandboxes team is already running fleets of agents to test, triage, and modify code in parallel. That shift raises new questions around execution control and isolation in CI environments.

Running Models Locally

Running models locally brings more control over performance, cost, and data, but also introduces new constraints around compatibility and environment setup. Generating images locally with Docker Model Runner and Open WebUI shows how those workflows come together.

From Experiment to Production

Getting from a working setup to production often comes down to security constraints and image compatibility. ClickHouse moved from blocked to production-ready using Docker Hardened Images, showing how those constraints get resolved in practice.

Watch: Agent Workflows in Practice

Agents don’t just change how code is written, they change how it runs. Agent workflows behave differently in real environments, especially as they scale and interact with shared systems.

The latest episode of Docker’s AI Guide to the Galaxy explores sandbox isolation in practice. On the Ship Happens Podcast, host Per Krogslund sits down with Harness Field CTO Jignesh Patel to unpack why CI/CD pipelines break down at scale and what it takes to make them more reliable.

Around the Community

The Docker community is active across forums and events. Check the Docker Forum for the latest discussions, and the Docker Events page to find upcoming meetups and conferences near you.

  • In this forum thread about Docker Desktop on Ubuntu 24.04.4, an architectural best practice emerged: Docker Desktop on Linux runs inside a Virtual Machine using a custom desktop-linux context, meaning your containers, volumes, and daemon all live in the VM rather than the familiar /var/lib/docker paths you’d expect from Docker CE, making it the better fit for headless Linux servers.
  • Check out the newly launched Labs within Docker docs, where developers can complete hands-on workshops across AI apps, containers, and real-world development workflows.

On the Calendar

Meet our Product and Engineering teams at leading tech conferences, where they share expertise, explore Docker’s latest advancements, and collaborate with the global tech community to shape the future of innovation.

  • LeadDev London (LDX3) — London, UK — June 2-3
    Docker is heading to LeadDev London with speaking sessions, live demos, and engineering leadership discussions focused on secure, AI-native software development. Visit Booth #314 to see how teams are building with agents safely at scale.
  • AI Engineer World’s Fair 2026 — San Francisco, USA — June 29 – July 2
    Docker will be at AI Engineer’s World’s Fair with workshops, lightning talks, demos, and hands-on sessions focused on secure, production-ready AI systems. Visit the Docker team to explore agent-ready workflows and governed AI infrastructure built for scale.

Can’t make it in person? Join upcoming Docker webinars live or on demand.

Explore our on-demand webinar library for sessions from Product and Engineering teams, including:

That’s a Wrap

Thank you for reading Docker Navigator! If you enjoyed this issue, please share it with your friends so they can subscribe now

Got any feedback or suggestions for our next issue? Send comments to newsletter@docker.com.