Security & Sandboxing
How we use gVisor to provide defense-in-depth isolation for your agents.
Security is paramount when running autonomous code. Antigravity employs a multi-layer security model to ensure that agents are isolated from the host infrastructure and from each other; no single layer is relied on alone, so a weakness in one does not on its own give an agent access to the host or to another agent.
The gVisor User-Space Kernel
Standard Docker containers share the host kernel, which presents a significant attack surface: every system call an agent makes is handled directly by the host kernel, so a kernel vulnerability reachable from inside the container is enough to escape it. If a container escapes, it can compromise the entire server.
Clawn uses gVisor (runsc), a container runtime sandbox developed by Google. gVisor intercepts the application's system calls and services them in its own user-space kernel (the Sentry), so the agent never talks to the host kernel directly; the Sentry itself is confined to a small, seccomp-filtered set of host system calls.
Traditional Docker
- Isolation: namespaces only
- Kernel: shared host kernel
- Attack surface: high (the full host syscall interface is reachable from the container)

Clawn gVisor Sandbox
- Isolation: virtual kernel per sandbox
- Kernel: isolated user-space kernel (the Sentry)
- Attack surface: minimal (the host sees only the Sentry's filtered syscalls)
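The following shell script is an added example, not Clawn's own tooling: it shows how runsc is registered with a Docker daemon, how an agent container is launched under it without giving up the namespace-level hardening, and how to confirm from inside the container that the user-space kernel is really in use. It assumes runsc is installed at /usr/local/bin/runsc and that Docker reads /etc/docker/daemon.json (conventional locations, not stated on this page); the dmesg samples are constructed.

```shell
#!/bin/sh
# Added example, not Clawn's own tooling. Assumes runsc lives at
# /usr/local/bin/runsc and that Docker reads /etc/docker/daemon.json
# (conventional locations, not facts stated on this page).

# 1. Register runsc with the Docker daemon. "--network=sandbox" selects
#    gVisor's own user-space network stack (netstack) rather than host networking.
runsc_daemon_json() {
  cat <<'EOF'
{
  "runtimes": {
    "runsc": {
      "path": "/usr/local/bin/runsc",
      "runtimeArgs": ["--network=sandbox"]
    }
  }
}
EOF
}

# 2. Build the `docker` argument list for an agent container under gVisor.
#    runsc is one layer; keep the namespace-level hardening as well: drop
#    every capability, forbid privilege escalation, mount rootfs read-only.
sandboxed_run_args() {
  image="$1"
  shift
  printf '%s' "run --rm --runtime=runsc --cap-drop=ALL --security-opt=no-new-privileges --read-only $image${1:+ $*}"
}

# 3. Check, from `dmesg` output captured inside the container, that the
#    user-space kernel is in use. Under gVisor, dmesg prints the Sentry's own
#    banner; under runc it shows the host ring buffer (or fails with EPERM).
runs_under_gvisor() {
  case "$1" in
    *"Starting gVisor"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample output, not captured from a real host.
GVISOR_DMESG='[   0.000000] Starting gVisor...
[   0.123456] Checking naughty and nice process list...
[   0.234567] Ready!'
RUNC_DMESG='[    0.000000] Linux version 6.1.0-18-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0)'

# Stand-alone demo. On a real host the check is:
#   docker $(sandboxed_run_args alpine dmesg) | head -n 1
runsc_daemon_json
echo "docker $(sandboxed_run_args alpine dmesg)"
if runs_under_gvisor "$GVISOR_DMESG"; then echo "sample 1: gVisor"; else echo "sample 1: host kernel"; fi
if runs_under_gvisor "$RUNC_DMESG"; then echo "sample 2: gVisor"; else echo "sample 2: host kernel"; fi
```

The `--cap-drop=ALL`, `no-new-privileges` and `--read-only` flags are deliberately kept alongside `--runtime=runsc`: gVisor reduces what the host kernel is exposed to, but the ordinary container hardening still limits what an agent can do inside the sandbox if it finds a bug in the Sentry.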
Network Isolation
In addition to compute isolation, we enforce strict network policies:
- Egress Filtering: Agents can only reach the internet over approved protocols (HTTP/HTTPS). Arbitrary outbound connections, peer-to-peer traffic and port scanning are blocked.
- VPC Peering: Agents cannot talk to each other by default; agent-to-agent traffic is only possible when it is explicitly configured inside a shared VPC (Virtual Private Cloud).
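To make the policy above concrete, here is an added example that models it as a single decision function. It is not Clawn's enforcement code (the page does not say how the filter is implemented) and it assumes that DNS is resolved for the agent by a platform proxy rather than by the agent itself, so direct UDP/53 is denied; the addresses in the demo are constructed. The rule set also covers an edge case a practitioner wants checked: the link-local range 169.254.0.0/16, where cloud metadata endpoints answer, is denied even though it is reachable over plain HTTP.

```shell
#!/bin/sh
# Added example, not Clawn's enforcement code. Models the egress policy as:
# allow TCP to ports 80/443 on public IPv4 addresses, deny everything else,
# including private ranges (other agents, internal services) and link-local.
# Assumption: DNS is handled by a platform proxy, so agents never need UDP/53.

# Usage: egress_allowed PROTO DST_IPV4 PORT ; returns 0 (allow) or 1 (deny).
egress_allowed() {
  proto="$1"; dst="$2"; port="$3"

  # Only TCP is permitted; UDP, ICMP and raw sockets (scanning, P2P) are not.
  [ "$proto" = tcp ] || return 1

  # Only the HTTP/HTTPS ports.
  case "$port" in
    80|443) ;;
    *) return 1 ;;
  esac

  # Deny RFC 1918 (10/8, 172.16/12, 192.168/16), loopback, link-local
  # (169.254/16, where cloud metadata services live) and 0/8.
  case "$dst" in
    10.*|192.168.*|127.*|169.254.*|0.*) return 1 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
  esac
  return 0
}

# Log-friendly wrapper around the decision.
egress_decision() {
  if egress_allowed "$1" "$2" "$3"; then
    echo "ALLOW $1 $2:$3"
  else
    echo "DENY $1 $2:$3"
  fi
}

# Constructed connection attempts, not real traffic.
egress_decision tcp 93.184.216.34 443     # public HTTPS: allow
egress_decision tcp 93.184.216.34 22      # SSH: deny
egress_decision udp 8.8.8.8 53            # direct DNS: deny (proxy resolves, by assumption)
egress_decision tcp 10.0.0.5 443          # another agent's private address: deny
egress_decision tcp 169.254.169.254 80    # cloud metadata endpoint: deny
egress_decision tcp 172.32.0.1 80         # 172.32/12 is public, not RFC 1918: allow
```

The 172.16/12 check is the part most often written wrong in ad-hoc filters (matching `172.*` blocks public space, matching `172.16.*` alone leaves 172.17 through 172.31 open); the explicit character classes above cover exactly 172.16.0.0 through 172.31.255.255.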