{"title":"Agent Deployment: Docker Hardening","region":"Global","category":"Infrastructure","description":"Security and isolation standards for running AI agents in containerized environments.","lastUpdated":"2026-02-27","steps":["Run container as a non-root user to prevent privilege escalation.","Set CPU and Memory limits to prevent 'Infinite Loop' resource exhaustion.","Mount the root filesystem as read-only where possible.","Use minimal base images (Alpine or Distroless) to reduce the attack surface.","Inject secrets via secure vault or mount; never use plain-text ENV variables.","Implement a health check that triggers a restart if the agent hangs in a loop."],"url":"https://checklist.day/agent-deployment-docker-hardening"}