Gate News message, April 28 — Red Hat principal software engineer Sally O'Malley has released Tank OS, an open-source tool that packages OpenClaw—a software platform for deploying AI agents—as a secure, bootable system image. Each OpenClaw instance runs in an isolated container using Podman (a Red Hat container tool) that operates without administrator privileges, preventing any instance from accessing the host machine or other agents. API keys are stored separately per instance, ensuring credential isolation.
The tool addresses critical security concerns in the agentic AI space. In late January, security researcher Mav Levin disclosed CVE-2026-25253, a vulnerability rated 8.8 out of 10 in severity that allows attackers to steal login credentials and gain full control of a computer through a single visit to a malicious webpage. The vulnerability affected more than 17,500 instances before a fix was released on January 30. Additionally, security audits flagged 12–20% of ClawHub add-ons as malicious.
Tank OS is now available at github.com/LobsterTrap/tank-os. O'Malley, who serves as an OpenClaw maintainer, designed the tool with enterprise hardening and Red Hat's Linux ecosystem in mind.