MilikMilik

Open-Source AI Agents Cut Enterprise Costs While Securing Autonomous Workflows

Rebuilding the Stack for Autonomous AI Agents

Traditional enterprise software stacks were built for humans—people who log in, click through workflows and act at human speed. Autonomous AI agents break that model by operating continuously, at machine speed, and without a human in the loop for every action. That shift is driving demand for dedicated autonomous agent runtimes that can enforce governance and control without blocking automation. Open-source AI agents are emerging as a credible answer, challenging proprietary platforms by combining transparency, extensibility and cost efficiency. Instead of treating agents as just another API client, these runtimes re-architect the base layer around sandboxing, gateway-based credential management and policy enforcement below the application tier. OpenShell and OpenSquilla exemplify this trend from two different angles: OpenShell prioritizes enterprise AI security and governance, while OpenSquilla focuses on token cost optimization and long-horizon context management. Together, they signal how open ecosystems can balance control and efficiency for next-generation autonomous workflows.

OpenShell: Sandbox-First Enterprise AI Security

OpenShell positions itself as a secure, open-source autonomous agent runtime designed to protect enterprise systems from the risks of machine-speed automation. Each agent, along with its harness and model, runs inside its own sandbox, isolated from the host operating system, network and infrastructure. A gateway outside the sandbox maintains credentials and session state, brokering access when agents need to interact with external services such as ServiceNow, Salesforce or Workday. This design ensures agents never hold keys directly, containing the blast radius of prompt injection or arbitrary command execution. Policy enforcement happens below the application layer using Linux kernel primitives like seccomp, eBPF and Landlock, creating a single horizontal control plane rather than bolted-on, per-product security. OpenShell is framework- and model-agnostic, running in environments from desktops to Kubernetes and micro-VMs. Early adoption by LangChain and integration into ServiceNow’s Project Arc and Action Fabric underlines its enterprise AI security ambitions.
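The gateway pattern described above, as an added sketch that is not OpenShell's code or API: the sandboxed agent submits a request with no credentials, and a broker outside the sandbox checks policy, attaches the secret, and returns only non-sensitive metadata. All names (`Gateway`, `broker`, `agent_view`), hosts, the token and the policy format are hypothetical, and no network call is made.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample data: hypothetical host and a placeholder token.
SECRETS = {"servicenow.example.com": "PLACEHOLDER-TOKEN"}
POLICY = {  # agent id -> allowed (method, host, path prefix) tuples
    "ticket-agent": [("GET", "servicenow.example.com", "/api/incidents/")],
}
STRIP = {"authorization", "cookie", "proxy-authorization"}


class Denied(Exception):
    """Raised when a request falls outside the agent's policy."""


@dataclass
class Gateway:
    secrets: dict
    policy: dict
    audit: list = field(default_factory=list)

    def broker(self, agent_id, method, url, headers=None):
        """Check policy, then build the outbound request with the credential."""
        parts = urlsplit(url)
        # hostname ignores any userinfo, so "allowed-host@other-host" resolves
        # to the real destination before the policy comparison.
        host, path = parts.hostname or "", parts.path
        allowed = any(
            method.upper() == m and host == h and path.startswith(p)
            for m, h, p in self.policy.get(agent_id, [])
        )
        # Require TLS and reject literal ".." segments that escape the prefix.
        ok = allowed and parts.scheme == "https" and ".." not in path.split("/")
        verdict = "allow" if ok else "deny"
        self.audit.append((agent_id, method.upper(), host, path, verdict))
        if not ok:
            raise Denied(f"{agent_id}: {method} {url}")
        # Drop auth headers the agent supplied, then attach the gateway's own.
        out = {k: v for k, v in (headers or {}).items() if k.lower() not in STRIP}
        out["Authorization"] = f"Bearer {self.secrets[host]}"
        return {"method": method.upper(), "url": url, "headers": out}


def agent_view(outbound):
    """What goes back into the sandbox: request metadata, no credentials."""
    return {"method": outbound["method"], "url": outbound["url"]}
```

Every decision, allowed or denied, lands in `audit`, which gives the gateway a single place to review what an agent attempted.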

OpenSquilla: Token Cost Optimization and Cognitive Memory

OpenSquilla targets a different pain point: spiraling token spend in long-running agent workflows. Its open-source AI agent runtime is built around the premise that most deployments pay for tokens they don’t need to use. In a local test run, three prompts totaling 279,762 tokens cost USD 0.0094 (approx. RM0.04), with 222,848 tokens—about 80% of inputs—served from cache by reusing context instead of reloading it each call. A routing classifier blends hand-crafted signals, such as message length and presence of code blocks, with embedding-based features to score query complexity. Simple tasks route to cheaper models, while deep reasoning is disabled for trivial prompts, cutting token usage by an advertised 60–80% compared to single-model setups. OpenSquilla’s four-tier memory architecture—working, episodic, semantic and raw memory—supports long-horizon work. Local ONNX-based embeddings, dual vector and BM25 retrieval, and daily Memory Dream Consolidation keep data on-device and knowledge structures organized for sustained autonomous workflows.

Syscall Sandboxing and Vendor-Neutral Enterprise Control

Both OpenShell and OpenSquilla highlight how syscall-level sandboxing can address enterprise AI security concerns without locking customers into a single vendor. OpenShell’s design pushes enforcement below the application layer, using kernel-level controls that agents cannot bypass, regardless of which model or framework they use. This creates a consistent, horizontal policy layer that can be reused across tools like Claude Code, Codex or LangChain-based agents. OpenSquilla, meanwhile, offers syscall-level isolation for production deployments on Linux, with a no-op sandbox mode on Windows for development. Its approach demonstrates that secure autonomous agent runtime environments do not have to be tied to proprietary platforms. Instead, organizations can adopt open-source AI agents, wire them into existing governance systems and retain full visibility into how policies are enforced. The result is a vendor-neutral path to secure autonomy, where enterprises maintain control over identity, access and infrastructure while still benefiting from rapid, machine-speed execution.
