Coming soon — free early access

Let AI Agents
Loose. Safely.

SophosAI gives autonomous AI agents a full Linux desktop inside an isolated Docker container. They can browse, code, run commands, and interact with GUIs — without ever touching your host machine.

Agent Sandbox — running
$ agent runs freely inside container
rm -rf / — sandbox destroyed, host untouched
pip install anything — no host pollution
browse the web — isolated network
🛡 Host OS Protected
sophosai — sandbox — running
Agent Workspace
// agent modifying app code
import express from 'express'
const app = express()
app.get('/', (req, res) => {
res.json({ status: 'live' })
})
app.listen(3000)
XFCE Desktop — noVNC
  Terminal
agent@sandbox:~$ npm start
Server running on :3000
agent@sandbox:~$ curl localhost:3000
{"status":"live"}
agent@sandbox:~$
Claude agent — active
// how it works

One container. Full autonomy.
Zero host risk.

SophosAI spins up an isolated Docker container with a real Linux desktop, drops your AI agent inside, and lets it work freely while your machine stays untouched.

01 — SANDBOX
Isolated Linux Desktop
Each project gets its own Docker container with Ubuntu, XFCE4, Firefox, a terminal, and a file manager. Resource-limited, network-controlled, destroyed on project delete.
02 — AGENT
AI Agent Lives Inside
A Claude-powered agent reads, writes, and runs code inside the sandbox. It modifies the app's source, checks logs, and auto-commits every change via git. You watch in real time.
03 — STREAM
See Everything Live
The desktop streams to your browser via noVNC. The agent chat shows every tool call. The app preview hot-reloads on every file change. Full transparency, zero guesswork.
// security model

Your agent can rm ‑rf /
all day long.

You won't even notice. Every agent operates inside a disposable Docker container with hard resource limits and a blocked network. It can trash its own sandbox. It can never reach yours.

💻 Your Host Machine
Your OS, files & credentials
Docker Desktop
SophosAI orchestrator
Browser UI
Container
Wall
No escape
Read-only
bind mount
📦 Agent Sandbox
Ubuntu — fully isolated
Capped CPU & memory
Network blocked by default
Agent tools scoped to /app
Path traversal protection
Destroyed on project delete
💥
Agent nukes its filesystem
The agent runs rm -rf / inside the container. Your host doesn't blink. Roll back to any git checkpoint with one click.
✔ sandbox destroyed • host untouched • rollback available
🌐
Agent tries to phone home
Outbound network is blocked by default. DNS resolves to 0.0.0.0. No data exfiltration, no surprise API calls, no crypto miners.
✔ network blocked • DNS sinkholed • zero egress
📂
Agent reads /etc/passwd
Sure — the container's /etc/passwd. Agent tools are bound to /app. Path traversal is caught. Your host filesystem doesn't exist to the agent.
✔ scoped to /app • traversal blocked • host invisible
sophosai agent — my-dashboard
claude-sonnet-4
U
Build a dashboard that tracks Bitcoin price and alerts me when it drops below $80k
write_file src/Dashboard.jsx
write_file src/usePrice.js
exec_cmd npm install
get_logs dev server output
◆ checkpoint — Add Bitcoin price dashboard with alert hook
A
Dashboard is live in the preview panel. It polls CoinGecko every 10s and fires a notification when the price crosses $80k. Checkpointed.
Add a 7-day price chart...
// agent in action

Describe it.
Watch it build.

Tell the agent what you want in plain English. It writes code, installs dependencies, checks logs, and git-commits every change — all inside the sandbox. You see every step in real time.

🤖
10 built-in tools
read_file, write_file, patch_file, exec_cmd, get_logs, git_checkpoint, git_rollback — all scoped to the sandbox.
Hot-reload preview
Every file change triggers a live reload. The preview panel shows your app running in real time — no manual refresh.
📆
Git checkpoint on every change
Every successful modification is auto-committed. Roll back to any point in the timeline with one click.
// bring your own agent

Works with the agents
you already use.

SophosAI is the runtime, not the agent. Drop in Claude Code, OpenClaw, or your own custom agent — they all get the same isolated sandbox.

🤖
SophosAI Agent built-in
The default Claude-powered coding agent. 10 tools for file ops, command execution, and git management. Streams every step over WebSocket.
write_file exec_cmd git_checkpoint get_logs
🦾
OpenClaw supported
26 tools, 13,700+ ClawHub skills. Gets a full XFCE desktop with Firefox so it can browse, run scripts, and interact with GUIs autonomously.
computer_use browser 26 tools 13.7k skills
⌨️
Claude Code supported
Anthropic's CLI coding agent. Runs inside the sandbox's VS Code terminal with OAuth authentication. Full IDE experience, fully contained.
VS Code terminal OAuth code-server
// try it free when it launches

Stop worrying about
what your agent might do.

Get on the waitlist and be the first to run your AI agents in a sandboxed Linux desktop — free when it launches.