Security
Your AI agent runs inside a Firecracker microVM — the same technology that powers AWS Lambda. Hardware-level isolation means no other user can ever access your data, even in theory.
The isolation model
Most hosting platforms run your AI agent in a container — a lightweight process that shares the operating system kernel with every other container on the same machine. If one container is compromised, an attacker with a kernel exploit can reach all others.
OmniClaw takes a different approach. Each agent boots inside a Firecracker microVM: a minimal virtual machine with its own Linux kernel, its own memory space, and its own network stack. The host machine cannot see inside the VM, and the VM cannot see outside its boundary.
Firecracker was built by Amazon to isolate AWS Lambda functions from each other. It starts in under 250 milliseconds and uses as little as 5 MB of memory overhead. We use the same technology to give every OmniClaw agent the isolation that used to require a dedicated server.
Threat model
In shared hosting, a vulnerability in one container can expose all others on the same machine. MicroVMs eliminate this by placing a hardware boundary between tenants.
API keys stored as environment variables can be logged, dumped, or exfiltrated. Our vault injects secrets at boot and they exist only in memory — never on disk.
Each VM has its own filesystem, network namespace, and process tree. There is no shared state between agents — not even a shared /tmp directory.
Comparison
| Feature | OmniClaw | Container hosting | Self-hosted |
|---|---|---|---|
| Isolation level | Dedicated Linux kernel (hardware boundary) | Shared kernel (process boundary) | Full machine (you manage it) |
| Breakout risk | Requires hypervisor exploit | Kernel exploit sufficient | Depends on your setup |
| Credential storage | Encrypted vault, injected at boot | Environment variables or secrets manager | Your responsibility |
| Network policy | Blocked by default, allowlist only | Open by default | Your responsibility |
| Data residency | EU (Finland + Germany) | Varies by provider | Wherever you host |
| Auto-destroy | 24h TTL, zero leftover state | Persistent by default | Manual cleanup |
| Setup effort | 60 seconds, no code | Docker + K8s knowledge needed | Full server administration |
Data residency
All OmniClaw infrastructure runs on bare-metal servers in Finland and Germany. Your agent's VM, the credential vault, and all associated data remain within the EU at all times.
We do not use US-based cloud providers for compute or storage. This makes OmniClaw a straightforward choice for GDPR compliance — your data never crosses an ocean.
FI
Helsinki, Finland
DE
Frankfurt, Germany
Credential vault
When you store an API key in the OmniClaw vault, it is encrypted at rest using AES-256. When your agent's VM boots, the key is injected into the VM's memory as an environment variable and then deleted from the orchestration layer.
Inside the VM, the key exists only in process memory. It is never written to the filesystem. When the VM shuts down, the memory is reclaimed and the key ceases to exist. Even if someone gained access to the VM's disk image, there would be nothing to find.
The vault is write-only from the dashboard. After storing a key, you can update or delete it, but you cannot read it back. This ensures that even a compromised dashboard session cannot exfiltrate your credentials.
Connect WhatsApp and your agent runs in its own isolated VM. No infrastructure to configure.