OpenClaw security improved as Red Hat maintainer strengthens enterprise deployments

On Tuesday, Sally O’Malley, a principal software engineer at Red Hat, introduced a new open-source tool called Tank OS, designed to make deploying and managing OpenClaw agents more secure and easier to handle at scale.

O’Malley described the project as something she built over a weekend, noting that she saw strong potential for its relevance in the evolving AI landscape and wanted to make it broadly accessible.

Tank OS is aimed at both advanced individual users who want to run OpenClaw locally and IT professionals responsible for managing large deployments of OpenClaw agents within organisations. The tool is intended to improve safety and simplify maintenance when handling multiple agents across systems.

There has already been significant activity around OpenClaw, an open-source initiative that installs an AI agent directly on a local computer. Developers, companies, and startups are actively building tools and workflows around it, while others are introducing alternative solutions they claim offer enhanced security, such as NanoClaw.

O’Malley’s involvement is particularly significant because she is one of the maintainers of OpenClaw, working alongside its creator, Peter Steinberger. Maintainers are responsible for guiding the project’s development, including decisions about features and bug fixes. Her focus has been on improving OpenClaw’s performance in enterprise environments and ensuring compatibility with Red Hat’s Linux distributions. While SOpenAI has hired Steinberger, he continues to lead OpenClaw as an independent open-source project.

O’Malley explained that her interest in OpenClaw stems from its goal of enabling safe and open access to AI tools. At the same time, she began considering how the technology would operate at scale in enterprise environments, which led her to develop Tank OS.

The tool is built on Podman, an open-source container platform developed by Red Hat. Containers allow applications to run independently of the host system, bundling everything needed for execution. This makes it possible to run Linux-based applications across different operating systems, including Windows and macOS. Podman is designed with a “rootless” architecture, meaning containers do not receive elevated privileges on the underlying system, enhancing security.

Tank OS installs OpenClaw within a Podman container on Fedora Linux and converts that container into a bootable image. As a result, OpenClaw launches automatically when the system starts. The setup includes essential components, such as a persistent state that allows the agent to retain memory and secure storage for API keys and other necessary credentials.

The design allows users to run multiple Tank OS instances on a single machine, each dedicated to different tasks. These instances operate independently, ensuring that credentials and data are not shared between them and preventing any single OpenClaw instance from accessing other parts of the system.

Although efforts are underway within the OpenClaw project to improve safety, O’Malley emphasised that the software remains highly powerful and can pose risks if not properly configured. She noted that it is not a tool that can be used easily without some level of technical expertise.

There have already been examples highlighting potential risks, including reports of an AI agent deleting a user’s work email or extracting private messages from applications such as WhatsApp. Additionally, security concerns are growing as malware targeting OpenClaw users emerges.

O’Malley acknowledged that Tank OS itself is not intended for beginners, as it requires familiarity with installing and maintaining software systems. It also enters a space where other container-based implementations already exist, including efforts by NanoClaw using platforms like Docker.

However, Tank OS is specifically designed for enterprise use, particularly for IT teams that may eventually need to manage large numbers of OpenClaw agents across corporate environments. It enables administrators to update and maintain these agents using workflows similar to those already used to manage containerised applications.

O’Malley described her role within the OpenClaw ecosystem as driven by interest in how the technology will evolve at scale, particularly in a future where large numbers of autonomous agents interact with one another across systems.