Docker is not a security boundary. You’re one prompt injection away from handing over your gmail cookie.

No, but Podman is. The recent escapes at the actual container level have been pretty edge case. It's been some years since a general container escape has been found. Docker's CVE-2025-9074 was totally unnecessary and due to Docker being Docker.

	▲	eyberg 5 hours ago \| parent \| next [-]
		No they have not been. There were at least 16 container escapes last year - at least 8 of them were at the runtime layer. I personally spent way too much time looking at this in the past month: https://nanovms.com/blog/last-year-in-container-security runc: https://www.cve.org/CVERecord?id=CVE-2025-31133 nvidia: https://www.cve.org/CVERecord?id=CVE-2025-23266 runc: https://www.cve.org/CVERecord?id=CVE-2025-52565 youki: https://www.cve.org/CVERecord?id=CVE-2025-54867 Also, last time I checked podman uses runc by default.
	▲	xienze 5 hours ago \| parent \| prev [-]
		The best container security in the world isn’t going to help you when the agent has credentials to third party services. Frankly, I don’t think bad actors care that much about exploiting agents to rm -rf /. It’s much more valuable to have your Google tokens or AWS credentials.