OpenRig launches secure multi-user agent runtime

This is a serious attempt to make autonomous agents usable inside enterprise perimeters without hand-waving away the exfiltration problem. The interesting bet is that OpenRig treats OS isolation and network policy as the product, not just the prompt layer.

• –Per-session firejail sandboxes, dropped capabilities, seccomp filters, and isolated network namespaces give it a much stronger security story than typical single-user agent shells
• –The default intranet-only network policy is unusually opinionated and directly addresses the biggest enterprise fear around agent tooling: sensitive data leaking to the public internet
• –Support for per-user credentials, persistent storage, cronjobs, and admin controls makes it look more like shared internal infrastructure than a hacker demo
• –Requiring a privileged Docker container and cgroup v2 will limit where teams can deploy it, but that tradeoff is part of how it achieves meaningful isolation
• –As an early BSD-licensed project with zero GitHub stars and no broader launch footprint yet, this is promising infrastructure that still needs real-world validation