A new open-source project, code-on-incus (COI), has been introduced, providing autonomous AI agents with a full yet completely isolated runtime environment based on Incus containers. This solution allows delegating complex system tasks to agents while ensuring a high level of protection for the main host system.

What Happened
A developer has introduced the COI tool, which utilizes Incus technologies to create secure environments. Each agent is granted access to root, Docker, and systemd within an isolated container. For active system protection, mechanisms for detecting reverse shells and automatically interrupting suspicious activity at the kernel level via nftables have been implemented.
Context
Traditional methods of isolating AI agents are often limited to simple application-level sandboxes, which prevents agents from performing full system operations. There is a fundamental conflict between the need to grant agents broad permissions (e.g., for managing Docker or system services) and the risk of compromising the user's local operating system.
Why It Matters for the Industry
The project marks a transition from application-level isolation to system-level isolation. This creates a reliable standard for 'agent infrastructure,' where each autonomous agent operates in its own ephemeral and secure micro-instance. Such mechanisms could become a standard for CI/CD pipelines and agent orchestration platforms, ensuring the secure operation of tools with broad privileges.
Why It Matters for Users
Developers and users of AI tools, such as Claude Code or OpenCode, can now run agents with full terminal and Docker access without fearing for the safety of personal data and the security of the main OS. This significantly lowers the barrier to entry for the secure use of advanced automation tools in local and cloud environments.
Sources
Author
Look at AI, Editorial Team
