OpenClaw has been moving fast, and the safety infrastructure around it has been struggling to keep pace. The open source project that installs an AI agent on a local computer has attracted individuals, companies, and startups all building on top of it, but the enterprise story around secure, manageable deployment has largely remained something organizations must figure out on their own. Red Hat principal software engineer Sally O’Malley decided to change that on a weekend.
O’Malley released Tank OS, a new open source tool that makes OpenClaw safer and considerably easier to deploy and manage at scale, particularly for IT professionals handling fleets of corporate AI agents rather than individuals running a single instance. What gives her position unusual credibility is that she does not sit outside this project as an observer. She maintains OpenClaw directly, working alongside creator Peter Steinberger to determine which features and issues get prioritized, with a specific focus on enterprise use cases and Red Hat Linux compatibility.
Tank OS loads OpenClaw onto Red Hat’s Fedora Linux operating system inside a Podman container and turns that container into a bootable image, meaning OpenClaw launches automatically when the machine starts. Podman’s rootless architecture carries the security model here. Containers running through Podman hold no elevated privileges from the underlying machine, which means a misconfigured or compromised OpenClaw instance cannot reach anything else running on the same computer. Multiple Tank OS instances can run simultaneously on a single machine for different tasks, with no credential sharing between them.
Real incidents motivate the safety focus rather than theoretical concerns. Documented cases include an OpenClaw instance deleting a user’s work emails, another downloading private messages in plain text, and active malware campaigns targeting OpenClaw users specifically. O’Malley describes OpenClaw as incredibly powerful while acknowledging that without proper configuration and technical oversight, it can cause serious damage quickly.
For IT professionals already running container-based infrastructure, Tank OS fits into existing update and management workflows rather than introducing an entirely new operational category to learn. O’Malley built it with a longer horizon in mind, thinking about what enterprise OpenClaw deployment looks like when millions of autonomous agents eventually need coordinating across corporate environments simultaneously. That framing separates Tank OS from most weekend projects. It solves a current problem while anticipating a much larger one that enterprise IT teams have not fully confronted yet.
