AI Dev 26 x SF | Tushar Jain: Shipping Agents Safely, Boundaries That Actually Work

Descriptions:

Tushar Jain, head of engineering at Docker, addressed one of the most overlooked risks in agentic development at AI Dev 26 in San Francisco: running AI agents directly on developer laptops, where they inherit the developer's broad filesystem and credential access. He opened with a live demonstration in which scanning a local machine with a coding agent such as Claude Code surfaced SSH keys, API tokens, and other sensitive credentials stored on a typical developer workstation.

Jain introduced Docker's new micro VM layer, a lightweight, cross-hardware runtime built specifically for agent workloads, as the foundational first layer of a defense-in-depth architecture. The model he described has three layers: containment (isolated environments with least-privilege access), scoped access (per-task credential restrictions, such as limiting what a GitHub token can do during a specific agent session), and intent policies (model-driven checks that evaluate whether an agent's actions match its stated goal). He also previewed an unreleased internal build called SPX demonstrating scoped GitHub access controls.
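Of the three layers, scoped access is the one most readily shown in code. The following is an added example, not code from the talk and not Docker's SPX or any Docker API: a minimal credential broker that enforces a per-session scope on GitHub API calls. The agent never holds the real token; it submits the call it wants to make, and the broker attaches the token only when the call stays inside the session's repo, method and resource allowlist. The class names, the sample scope and the sample requests are all constructed for illustration.

```python
"""Added example (hypothetical, not Docker's SPX): a per-session credential
broker that implements the "scoped access" layer for GitHub API calls.

Design: the agent runs without the token and asks the broker for request
headers. The broker checks host, repo, HTTP method and resource kind against
the session scope, logs the decision, and only then releases the credential.
"""
from dataclasses import dataclass, field
from urllib.parse import urlparse

GITHUB_API_HOST = "api.github.com"  # real API host; the scope below is constructed


@dataclass(frozen=True)
class SessionScope:
    """Least-privilege scope for one agent task (constructed for illustration)."""
    repos: frozenset                                  # "owner/name" the task may touch
    methods: frozenset                                # allowed HTTP methods, e.g. {"GET"}
    resources: tuple = ("contents", "pulls", "issues")  # allowed /repos/o/n/<resource>


@dataclass
class Broker:
    token: str                 # the real credential; never handed to the agent
    scope: SessionScope
    audit: list = field(default_factory=list)  # (method, url, allowed, reason)

    def authorize(self, method: str, url: str) -> tuple[bool, str]:
        """Deterministic allow/deny decision; no model in the loop."""
        u = urlparse(url)
        if u.scheme != "https" or u.hostname != GITHUB_API_HOST or u.port not in (None, 443):
            return False, "host not allowed"
        parts = [p for p in u.path.split("/") if p]
        # Reject dot segments: an HTTP client may normalize them after we check.
        if any(p in (".", "..") for p in parts):
            return False, "dot segments not allowed"
        # Only /repos/{owner}/{name}/... is in scope for this session type.
        if len(parts) < 3 or parts[0] != "repos":
            return False, "only /repos/{owner}/{name}/... is in scope"
        repo = f"{parts[1]}/{parts[2]}"
        if repo not in self.scope.repos:
            return False, f"repo {repo} not in session scope"
        if method.upper() not in self.scope.methods:
            return False, f"method {method.upper()} not allowed for this session"
        if len(parts) > 3 and parts[3] not in self.scope.resources:
            return False, f"resource {parts[3]} not allowed"
        return True, "ok"

    def headers_for(self, method: str, url: str) -> dict:
        """Release the token only for an in-scope call; raise otherwise."""
        ok, reason = self.authorize(method, url)
        self.audit.append((method.upper(), url, ok, reason))
        if not ok:
            raise PermissionError(reason)
        return {"Authorization": f"Bearer {self.token}"}


def demo() -> dict:
    """Run a constructed set of agent requests through a read-only, single-repo scope."""
    broker = Broker(
        token="ghp_EXAMPLE_NOT_A_REAL_TOKEN",  # placeholder, constructed
        scope=SessionScope(repos=frozenset({"acme/webapp"}), methods=frozenset({"GET"})),
    )
    requests_ = {  # constructed sample calls an agent might attempt
        "read_scoped_file": ("GET", "https://api.github.com/repos/acme/webapp/contents/README.md"),
        "write_scoped_file": ("PUT", "https://api.github.com/repos/acme/webapp/contents/README.md"),
        "read_other_repo": ("GET", "https://api.github.com/repos/acme/payroll/contents/salaries.csv"),
        "lookalike_host": ("GET", "https://api.github.com.attacker.example/repos/acme/webapp/contents/x"),
        "traversal": ("GET", "https://api.github.com/repos/acme/webapp/../payroll/contents/x"),
    }
    return {name: broker.authorize(m, u)[0] for name, (m, u) in requests_.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:18} {'ALLOW' if allowed else 'DENY'}")
```

The point of the pattern is that the decision is deterministic and made outside the agent's process, so rephrasing a prompt or clearing context cannot widen the scope; only a new session with a new scope can. The audit list gives the session a record of every attempted call, which is what an incident responder would want after an agent misbehaves.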

Jain directly addressed why Claude Code's Auto mode, while a useful step, is insufficient as a primary defense: model-driven safety is inherently inconsistent and can be bypassed by rephrasing a request or clearing the context, which is why intent policies sit behind the deterministic containment and scoping layers in his model rather than in front of them. The talk positions Docker's next decade as being defined by providing trusted, portable, cross-cloud infrastructure for agent runtimes, analogous to the role Docker containers played in the cloud-native era.


📺 Source: DeepLearningAI · Published May 21, 2026
🏷️ Format: Hands On Build