Red Hat Engineer Sally O'Malley Launches Tank OS to Secure OpenClaw Enterprise Deployments

Sally O'Malley, a principal software engineer at Red Hat and a maintainer for the OpenClaw open-source project, has launched Tank OS. This new open-source tool is designed to help IT professionals and power users safely deploy and manage fleets of OpenClaw AI agents on local computers. O'Malley originally built the project over a weekend to address the impending enterprise adoption of autonomous AI, noting her desire to bring a robust security solution to the masses. The software is specifically geared toward mitigating the risks of experimental AI by simplifying how local agents are maintained en masse.

At its technical core, Tank OS operates by packaging the OpenClaw software alongside Red Hat's Fedora Linux operating system into a bootable container image, which automatically launches the agent upon computer startup. It relies heavily on Podman, an open-source containerization tool created by one of O'Malley's Red Hat colleagues. Because Podman is inherently rootless, it strictly limits the container from gaining any administrative privileges on the underlying host machine. This isolated architecture ensures that users can run multiple Tank OS instances on a single computer to handle different tasks simultaneously. Under this setup, no OpenClaw instance can access the host system, and individual agents are prevented from sharing passwords or credentials with one another.

Beyond providing strong system isolation, the tool incorporates essential features required to make OpenClaw operate autonomously without constant human oversight. Tank OS retains state, which grants the AI agent a necessary form of memory, and includes secure storage mechanisms for the API keys needed to access external subscriptions and services. For corporate IT departments, which represent Red Hat's primary customer base, this centralized setup proves especially beneficial. It allows administrators to deploy, update, and monitor vast fleets of corporate OpenClaw agents using the exact same standardized processes they currently rely on to manage their other containerized software applications.

The development of dedicated sandboxing environments addresses critical security vulnerabilities currently associated with local AI agents. While O'Malley describes OpenClaw as an incredibly powerful application, she explicitly warns that misconfigured agents pose severe risks for users who lack technical installation experience. The broader technology community has already documented alarming instances of agents malfunctioning or overreaching their intended scope. In one case, a Meta AI security researcher's agent began deleting all of her work emails, while another errant agent downloaded a user's private WhatsApp direct messages in plain text.

O'Malley's contribution carries significant weight because of her official position within the core OpenClaw development team. She works directly alongside project creator Peter Steinberger, who continues to lead the independent open-source project despite recently being hired by OpenAI, to determine which features and bugs receive attention. Her specific developmental focus remains on optimizing the platform for enterprise use cases. The launch of Tank OS also arrives amid rising competition from startups developing alternative autonomous agents. Competitors like NanoClaw claim to offer safer alternatives, utilizing the well-known Docker platform for their own container — based security measures.