The AI Agent Risk
AI agents like OpenClaw are incredibly powerful, but their unpredictability creates a significant security challenge. A bug, adversarial input, or hallucination could cause the agent to:
- Delete arbitrary files
- Expose sensitive environment variables
- Consume unlimited resources
- Spawn malicious processes
Our Solution: Hypervisor-Level Isolation
ArcBox uses Firecracker to run each AI agent in a fully isolated virtual machine, providing defense-in-depth:
Network Isolation
Each VM gets its own virtual network interface with strict firewall rules. The agent cannot:
- Access the host network directly
- Modify network configuration
- Perform DNS lookups outside its sandbox
- Access other VMs
Disk Isolation
The agent runs in a read-only root filesystem with only specific mounts:
- /tmp - Isolated temporary storage
- /home - User home directory with strict permissions
- /data - Application data directory
No access to system files, configuration, or other users' data.
Resource Isolation
CPU, memory, and I/O are limited per VM:
- Memory limits stop a runaway agent from exhausting host memory
- CPU shares ensure fair resource allocation across VMs
- I/O throttling prevents one VM from starving others of disk bandwidth
Implementation Details
All isolation is enforced by the hypervisor itself, not the guest kernel. Even if the agent compromises the guest OS, it cannot escape the VM.
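To make the isolation settings above concrete, here is an added example (not ArcBox's own code) that builds a Firecracker `--config-file` for one agent VM with a read-only root drive, separate writable disks for /tmp, /home and /data, rate-limited block and network devices, and a hard memory and vCPU cap, then checks the result against that policy before launch. The function names, the `/srv/arcbox/...` paths and the limit values are assumptions; the host-side firewall rules on the tap device are not shown.

```python
import json

def rate_limiter(bytes_per_sec, ops_per_sec):
    # Firecracker token bucket: `size` units refilled every `refill_time` ms.
    return {"bandwidth": {"size": bytes_per_sec, "refill_time": 1000},
            "ops": {"size": ops_per_sec, "refill_time": 1000}}

def build_agent_vm_config(vm_id, mem_mib=512, vcpus=1):
    """One microVM per agent: read-only root, separate writable disks for
    /tmp, /home and /data, rate-limited devices, hard memory and vCPU caps."""
    def drive(drive_id, path, root=False, read_only=False):
        return {"drive_id": drive_id, "path_on_host": path,
                "is_root_device": root, "is_read_only": read_only,
                "rate_limiter": rate_limiter(10 * 1024 * 1024, 1000)}
    base = f"/srv/arcbox/{vm_id}"  # constructed placeholder path
    return {
        "boot-source": {"kernel_image_path": "/srv/arcbox/vmlinux", "boot_args": "console=ttyS0 reboot=k panic=1 pci=off ro"},
        "drives": [drive("rootfs", "/srv/arcbox/rootfs.ext4", root=True, read_only=True),
                   drive("tmp", f"{base}/tmp.ext4"), drive("home", f"{base}/home.ext4"),
                   drive("data", f"{base}/data.ext4")],
        "network-interfaces": [{"iface_id": "eth0", "guest_mac": "AA:FC:00:00:00:01",
                                "host_dev_name": f"tap-{vm_id}",
                                "rx_rate_limiter": rate_limiter(1024 * 1024, 500),
                                "tx_rate_limiter": rate_limiter(1024 * 1024, 500)}],
        "machine-config": {"vcpu_count": vcpus, "mem_size_mib": mem_mib, "smt": False},
    }

def check_isolation_policy(cfg, max_mem_mib=2048):
    """Return the isolation-policy violations in a config (empty list = OK)."""
    problems = []
    for d in cfg.get("drives", []):
        if d.get("is_root_device") and not d.get("is_read_only"):
            problems.append(f"root drive {d['drive_id']} is writable")
        if "rate_limiter" not in d:
            problems.append(f"drive {d['drive_id']} has no I/O rate limiter")
    for n in cfg.get("network-interfaces", []):
        if "rx_rate_limiter" not in n or "tx_rate_limiter" not in n:
            problems.append(f"interface {n['iface_id']} is not rate limited")
    mc = cfg.get("machine-config", {})
    if "mem_size_mib" not in mc or mc["mem_size_mib"] > max_mem_mib:
        problems.append("memory cap missing or above the policy maximum")
    if mc.get("smt", True):  # SMT off: no hyperthread sibling shared with another VM
        problems.append("smt enabled")
    return problems

if __name__ == "__main__":
    cfg = build_agent_vm_config("agent-01")
    assert check_isolation_policy(cfg) == [], check_isolation_policy(cfg)
    print(json.dumps(cfg, indent=2))  # feed to `firecracker --config-file`
```

Running the check as a gate before every launch means a config that was generated incorrectly (writable root, missing limiter, oversized memory) never reaches the hypervisor.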
Performance Impact
Despite this heavy isolation, ArcBox adds minimal overhead:
- ~2% CPU overhead for isolation enforcement
- ~5% memory overhead per VM
- <1ms additional latency for I/O operations
Conclusion
Running AI agents in ArcBox provides absolute confidence that they cannot harm your system, no matter what they do.