https://t.co/ihPg1bKOZj often ends up in comparison articles where it's pitched against microVMs, within a very loose rag-tag bunch known as "Agent Sandboxes" - but the truth is, this is like comparing the fly-by-wire limits built into an aircraft control system to an end-of-runway concrete barrier - one governs every control input from within, in real time; the other stops things outside from going wrong when the plane runs out of runway.
A microVM guards the host. What happens inside is not really its concern or duty to protect. If data is exfiltrated to unknown endpoints, destructive tool calls are made, an agent malfunctions and racks up eye-watering LLM API costs, and then deletes your database - you can't really blame the VM. You got what you signed up for - strong, monolithic isolation. Not internal governance.
So nono operates at a completely different point in the security model: inside. It enforces capability-based, fine-grained policy, to intercept sensitive or destructive operations, and it audits what the agent is actually doing with tamper-resistant, cryptographic claims (the blackbox recorder!). The question isn't "how contained is the damage" - it's "does the agent get to do this at all, in this particular context."
They answer different questions entirely: A VM answers, "if malicious code executes, how do we contain the blast radius from breaching the host and adjacent tenants?" nono answers, "how do I give the agent some authority to use a tool to access AWS credentials and call its APIs, but not allow the same access when it's curl using the POST method to send your production credentials in a payload to a public GitHub issue?"
Docker not long back announced "we launched Docker Sandboxes with a bold goal: to deliver the strongest agent isolation in the market." That's great! However, it's not really what your AI-weary CISO needs to sleep better at night. Instead, it's resolving a problem that's already mostly solved - in a claimed, much stronger way. AI agents aren't highly focused on breaking isolation, something very difficult to achieve; they want to steal keys and cause wreckage from the inside. Want to see what the future malicious agent looks like? Go check out TeamPCP and their recent pursuits - they aren't bypassing hardware-level isolation with a zero-day, they're letting npm install do the job by executing post-install scripts to exfiltrate your CI tokens.
BUT - they also harmonise and are formidable when combined - which is why teams and orgs are now deploying nono directly onto AWS Fargate / Firecracker, and hardened Kubernetes bound images - one holds the perimeter; the other governs what runs inside it. You get to sleep a bit easier at night.
If you're interested in learning more and working with us to help shape a new approach for a new threat - we are now accepting a limited number of design partners to help us shape the future of AI Agent Security.
@decodebytes Agreed. Sooo good to have an alternative with nono!
What would be rlly cool:
1. Could you share more of your experiences on how to make Claude Code and nono work together.
2. A human-readable logging system for what was done in the sandbox
Would love to have a conv on this :)
what have I been working on for the last 2 weeks at @opencode?
we are bringing workspaces in as a first-class concept: agents will be able to run anywhere: local directory/container/worktree, remote sandbox, or anything. instead of having a single server that only knows about local directories, the server will act as a "control plane" that routes prompts to where they should go
it will manage all of the sessions across these environments and provide a unified layer for all clients to interact with them
we will be smart about this: it's not *only* about routing. we will sync all data from remote environments into the local control plane server. this means the remote env can be destroyed, and we will be able to later recreate a new env with exactly the same state. it's reproducible
note: this is very early and experimental, the UI you see in the video is just a prototype and not guaranteed to make it to prod. We hope to start shipping something soon-ish though!
@jlongster Is there a video or tutorial that displays how to use git worktrees? It's super simple with Claude Code just to use the --worktree flag. Can't find anything in the opencode docs
@CallumMelly @DavidVorick @notthreadguy @GlowFND That's great, thanks a lot! What's the methodology behind this?
Does https://t.co/NxxKeY6eVc use some super smart math to calculate this or does the evaluation come from your end?
If so, I'd love a blog post to understand your math or maybe an x article / detailed answer here ;)
@CallumMelly @DavidVorick @notthreadguy @GlowFND Yes, I do... I checked out the link that you provided, but can't find this specific chart.
It would be great to understand how you derive a USD evaluation (over time) from the metrics that can be found in the glow dashboard.
Eight days after launch, a community member has shipped the first independent app on Autonomi.
No API key. No app store approval. No platform cut. Just a developer, the network, and an idea.
https://t.co/2GGpW3MWz0 - Etch it once. Fetch it forever.
Props @joshclsn!
@bryan_johnson @david_sooner @MartinaMarkota @bryan_johnson picking up on your comment regarding DHEA - are you still taking DHEA daily? ... And if so, why? Would be great to get some insights on this from you
"We are failing to recognize the care work that's happening... that's the most critical work"
@lftherios on providing a different reward model for open source
I just submitted my project for the AI Blueprints with @Filecoin, powered by @encodeclub! Check out more about the programme here: https://t.co/7BRfqc8W4r