Welcome to the June edition of Docker Navigator. Missed an issue? Read past issues in our collection.
Agents aren’t experiments anymore. They’re moving into everyday development workflows, where they can inspect environments, call tools, and act on running systems.
This issue looks at what has to sit around that shift: Gordon for Docker-aware assistance, AI Governance for centralized control, MCP catalogs for tool access, and stronger isolation for untrusted workloads. You’ll also find container security updates, featured community reads, new webinars, Docker podcast episodes, and upcoming events, including WeAreDevelopers World Congress.
Meet Gordon: Docker’s AI Agent for Your Entire Container Workflow
Gordon is now generally available, bringing Docker-aware assistance into the developer workflow. It can understand your local environment, containers, and context, then help diagnose issues and take action with approval across Docker Desktop and the CLI.
Introducing Docker AI Governance: Unlock Agent Autonomy, Safely
Agents are already running from individual laptops, often without clear visibility into what they can access or execute. Docker AI Governance gives teams centralized controls for execution, network access, credentials, and MCP tools, so developers can use agents without creating new blind spots for security and platform teams.
Docker News
Mitigating CVE-2026-31431 (“Copy Fail”) in Docker Engine
On unpatched Linux kernels, container profiles before Docker Engine v29.4.3 allowed AF_ALG socket creation, the relevant syscall surface for CVE-2026-31431. Docker Engine v29.4.3 removes that exposure path, with updated seccomp, AppArmor, and SELinux hardening to better protect containers while kernel patches roll out.
NIST Narrows the NVD: What Container Security Programs Should Reassess
NIST’s new prioritized enrichment model means fewer CVEs will receive the CVSS scores, CPE mappings, and CWE classifications that container scanners and compliance programs depend on. Dan Stelzer covers what to audit against the March 1 cutoff and where Docker Hardened Images can help close the gap.
Dive Deep: Agents Security in Practice
Agent workflows change the security model once tools can execute code, reach systems, and modify environments. These reads move from practical security guidance to real failure modes, isolation models, and MCP controls for keeping agent activity contained.
Securing Agents Before They Act
Once agents can execute code, security depends on more than the model. This practical overview maps the control points development teams need around execution, access, credentials, and monitoring.
The Untrusted Autonomous Workload: How AI Coding Agents Reshape What Isolation Has to Do
Once agents can run autonomously, “untrusted” means more than unfamiliar code. Docker Captain Vladimir Mikhalev breaks down how the threat model changes for coding agents and why microVM isolation changes the security calculus.
Custom MCP Catalogs and Profiles: Advancing Enterprise MCP Adoption
As MCP toolsets grow, managing servers across workflows gets messy fast. This guide shows how to create custom MCP catalogs, separate server collections by workflow, and keep transitions between configurations clean.
Coding Agent Horror Stories
When coding agents run with broad permissions, small mistakes can become real infrastructure failures. Two recent posts, one on a security crisis threatening developer infrastructure and one on an rm -rf incident, show failure modes ranging from secrets leakage and database wipes to destructive shell commands. Both point to Docker Sandboxes as the safer path, using workspace-scoped execution, blocked credential access, read-only mounts, and isolated Git worktrees to contain agent mistakes.
Watch: Trust, Control, and Shipping in the AI Era
On the latest episodes of Docker’s Ship Happens Podcast, host Per Krogslund explores what AI changes beyond the model: data incentives, trust boundaries, and the runtime controls teams need as software starts moving faster.
- Rethinking AI and Data: Incentives, Trust, and the Future of the Web
Ruben Verborgh, professor at Ghent University and contributor to Tim Berners-Lee’s Solid project, argues that many AI risks start with data-collection incentives. He and Per discuss decentralized web standards, data ownership, smaller task-specific models, and designing systems people can trust.
- Shipping Safely in the Age of AI: Feature Ops with Ivar Conradi Osthus
Ivar Conradi Osthus, CTO of Unleash, joins Per to discuss Feature Ops, runtime control, DORA metrics, and AI-driven flag cleanup across distributed systems. The conversation also looks at why enterprise tooling may keep favoring best-of-breed systems over one unified platform.
Around the Community
The Docker community is active across forums and events. Check the Docker Forum for the latest discussions, and the Docker Events page to find upcoming meetups and conferences near you.
- A developer new to Docker and Linux came to the Docker Community Forums for help running a Counter-Strike 1.6 dedicated server in a container. The thread became a practical lesson in two critical fundamentals: container file permissions and missing shared libraries like libstdc++.so.6, plus a key insight: fixes applied interactively in a running container won’t survive a restart unless they’re baked into a Dockerfile. Whether it’s containerizing a legacy game server or a 2am Permission denied error, the Forums are where the community helps unblock the next step!
- Check out the recently launched Labs within Docker docs, where developers can complete hands-on workshops across AI apps, containers, and real-world development workflows.
On the Calendar
Meet our Product and Engineering teams at leading tech conferences, where they share expertise, explore Docker’s latest advancements, and collaborate with the global tech community to shape the future of innovation.
- AI Engineer World’s Fair 2026: San Francisco, USA – June 29 – July 2
Docker will be at AI Engineer’s World’s Fair with workshops, lightning talks, demos, and hands-on sessions focused on secure, production-ready AI systems. Visit the Docker team to explore agent-ready workflows and governed AI infrastructure built for scale.
- WeAreDevelopers World Congress: North America – September 2026
Docker is co-hosting the first North American edition of WeAreDevelopers World Congress in September 2026 – a developer-first event spanning AI engineering, open source, backend, and cloud-native. Registration and speaker details are rolling out as the date approaches.
Can’t make it in person? Join upcoming Docker webinars live or on demand.
Explore our on-demand webinar library for sessions from Product and Engineering teams, including:
- Docker 101 – Inner Loop Mastery
If your inner loop still means slow builds, environment drift, and “works on my machine” Fridays, this hour shows what changes with Docker Desktop, Hub, and Compose.
- The State of AI Agents: Insights From 800+ Builders and Leaders
Explore insights from the State of AI Agents report and what the shift to autonomous systems means for infrastructure, workflows, and developer control.
- From Zero to Agentic: Build Your First Agentic App with Docker
Watch this demo for a working prototype of how to build your first AI agentic app with Docker.
- Running Hardened Images in Prod: Beyond CVE Counts
How teams validate, roll out, and operate Docker Hardened Images in production, with DHI Enterprise support for patching, compliance, and customization at scale.
That’s a Wrap
Thank you for reading Docker Navigator! If you enjoyed this issue, please share it with your friends so they can subscribe now.
Got any feedback or suggestions for our next issue? Send comments to newsletter@docker.com.