Security Tool N/A

Matchlock - AI Agent Sandbox with MicroVMs

CLI tool for running AI agents in ephemeral microVMs with network allowlisting, secret injection via MITM proxy, and VM-level isolation. Boots in under a second, uses copy-on-write filesystems. Secrets never enter the VM. Works on Linux (KVM) and macOS (Apple Silicon).

Details

Author / Organization Jingkai He

Type Security Tool

Published February 9, 2026

Severity N/A

Fix Available No

Recommendations Consider for high-security AI agent deployments where credential protection and network isolation are critical.

Key Findings

Provides VM-level isolation for AI agents with network allowlisting and secure secret injection. Prevents credential leakage even if agent is compromised.

#Security Tool #Tool #supply-chain

Related Resources

21,639 Exposed OpenClaw Instances Found

Censys security scan identified 21,639 OpenClaw instances exposed to public internet without authentication. Over 30% running on Alibaba Cloud. Represents massive attack surface with private messages, API keys, and OAuth credentials accessible. 21x growth in under one week demonstrates rapid adoption and exposure.

Official Security Documentation

Comprehensive official security documentation covering OpenClaw's threat model, access control, authentication modes, sandboxing, DM pairing policies, tool permissions, and incident response. Details the security audit command, credential storage locations, and hardening best practices.

What Security Teams Need to Know About OpenClaw

Enterprise security assessment with detection guidance. Covers visibility via Falcon platform, discovery of OpenClaw deployments, removal workflows, prompt injection threats, and runtime protection with Falcon AIDR. Demonstrates blocking prompt injection attacks and provides enterprise-scale detection/response capabilities.