
A Virtual Agent team at Docker: How the Coding Agent Sandboxes team uses a fleet of agents to ship faster

At Docker, the Coding Agent Sandboxes team (internally known as “sbx”) is solving a problem that’s becoming increasingly important as AI coding agents proliferate: how do you safely give autonomous AI agents the freedom to write, test, and deploy code without risking your host system? The answer is a fleet of lightweight, containerized sandboxes that provide each AI agent—whether it’s Claude Code, Gemini, Codex, Docker Agent, or Kiro—complete isolation with full autonomy. Think of it like giving each agent its own isolated development environment where it can do whatever it needs without consequences bleeding back to your infrastructure.

Technically, the magic happens through microVM-based isolation running inside Docker containers. When an AI agent spins up in an sbx sandbox, it gets its own Docker daemon, isolated network stack, and independent filesystem. This is a significant step beyond simple container isolation—the agent can actually run Docker containers within its sandbox, install packages, modify system files, and execute arbitrary code without any of those actions affecting your host machine or other sandboxes. From an architecture perspective, you’re essentially running a mini-Linux environment per agent, but with the efficiency and portability benefits of containerization. The isolation boundary is strict and enforced at the microVM level, which means even if an agent misbehaves or gets compromised, damage stays contained.

The practical implications are substantial. Development teams can safely delegate repetitive coding tasks—refactoring, writing tests, generating boilerplate, even debugging—to autonomous agents without the operational risk that would normally come with “code that writes code.” Imagine an agent that can autonomously spin up a test environment, run your test suite, analyze failures, and propose fixes, all within its sandbox. Teams get faster iteration cycles while maintaining security posture. Real use cases include automated code review assistance, CI/CD pipeline optimization, and infrastructure-as-code generation. For organizations experimenting with AI agents but hesitant about security implications, sbx provides the guardrails needed to move from proof-of-concept to production workloads.

The broader significance is in the pattern Docker is establishing: as AI agents become more sophisticated and autonomous, the infrastructure supporting them needs to evolve too. This isn’t just about security—though that matters—it’s about making it practical for teams to orchestrate multiple specialized agents, each handling different tasks within their own controlled environment. Think of it as microservices architecture applied to AI agents. For practitioners building AI-powered automation, the lesson here is that sandboxing isn’t optional when agents have real autonomy. Whether you’re running agents on your own infrastructure or using cloud platforms, understanding isolation models and microVM technologies is becoming core DevOps knowledge.

Source: Docker