The complete separation of resources, data, and credentials between different customers (tenants) on a shared platform.
Tenant isolation ensures that Customer A cannot access Customer B's data, credentials, agent configuration, or audit logs — even though they share the same infrastructure.
Clawctl achieves tenant isolation through per-tenant Docker environments, separate encrypted credential stores, isolated file systems, and independent network namespaces. Each tenant gets their own OpenClaw instance running in its own container.
This is not just logical separation (different database rows). It is physical separation at the container level. A compromised tenant cannot lateral-move to another tenant because there is no shared execution environment.
Multi-tenant platforms that lack proper isolation are one vulnerability away from a breach affecting all customers. Tenant isolation contains incidents to a single customer, protecting everyone else.
Clawctl provides per-tenant Docker isolation by default. Separate containers, credentials, file systems, and network namespaces. No shared resources between tenants.
Try Clawctl — 60 Second DeployTruly isolated. Each tenant gets their own Docker container with separate file system, network, and credentials.
No. Complete separation by default. Enterprise plans can configure controlled resource sharing for multi-agent setups within a single tenant.
The blast radius is limited to that tenant. Other tenants are unaffected due to container-level isolation.
Agent Isolation
The separation of AI agents into isolated environments so that one compromised agent cannot affect others.
Docker Sandbox
A Docker container configured with restricted permissions that isolates an AI agent from the host system and other containers.
Encrypted Secrets
API keys and credentials stored with AES-256 encryption at rest, only decrypted and injected into the agent at runtime.
Network Policy
Rules that define which network connections an AI agent can make — inbound and outbound — at the container or cluster level.