On March 30, 2026, Alibaba Cloud announced that its self-developed operating system Alibaba Cloud Linux has completed a key transition, officially launching the next-generation operating system for AI agents — ANOLISA.
ANOLISA is Alibaba Cloud's first operating system designed specifically for AI agents. Its emergence signifies that the primary user entity of future operating systems is gradually shifting from humans to agents. As a large number of "AI employees" become the main productive force, AI is driving fundamental changes in production methods. AI agents are fundamentally different from traditional human usage in decision workflows, reasoning approaches, and interaction patterns.
In response to this evolutionary trend, ANOLISA internalizes runtime optimization and secure execution environments as core system capabilities, incorporates cloud infrastructure best practices as out-of-the-box Skills, and provides 24/7 agent observability and assurance services. It aims to address pain points faced by agents such as OpenClaw, including high onboarding barriers, lengthy tuning workflows, poor stability, security limitations, and the complexity of multi-agent collaboration. ANOLISA not only provides an ideal digital foundation for agent frameworks like OpenClaw, but also marks a fundamental shift in the computing paradigm from "traditional software payloads" to "agent payloads".
The ANOLISA architecture draws on the tiering philosophy of traditional operating systems, enabling agents to run on a unified infrastructure like applications through the core layer and the runtime layer. The runtime layer ensures that each agent executes securely in a controlled environment. Built-in Skills provide out-of-the-box general-purpose capabilities so agents don't need to reinvent the wheel. Combined with the top-level Copilot Shell (cosh), agents can invoke system resources just as humans operate a terminal. This layered decoupling design allows different types of agents to combine capabilities on demand, balancing security, O&M, and scalability.

Agents have evolved from simple conversations to "AI employees" capable of completing complex jobs. However, traditional operating systems have complex instructions, and agents often "have brains but are unfamiliar with the environment," relying on extensive environmental probing and perception to achieve reasonable task execution. Moreover, over 50% of skills in the open source marketplace are procedural and urgently need system-level adaptation and optimization. As a result, training an agent that can be "on duty" incurs high costs.
To address these pain points, ANOLISA provides a solution of "native skill-based encapsulation":
• Native skill-based encapsulation: ANOLISA encapsulates complex Linux O&M, deployment, and tuning actions as well as high-frequency skills into standardized Skill modules. These skills cover system administration, performance tuning, security O&M, and foundational skills for common roles. They naturally match the procedural execution features of agents, allowing agents to directly invoke these capabilities without consuming additional compute resources to "learn" or "adapt."
• Measured performance: Within system administration and O&M scenarios, token overhead differs by more than 30% compared with traditional OS environments. Taking the scenario of using OpenClaw for system vulnerability monitoring and fix as an example, during the CVE evaluation phase, ANOLISA saves 60% of token overhead compared with traditional operating systems under the same LLM base.
In traditional environments, agent deployment and configuration are complex, initialization takes a long time, and continuous health monitoring is lacking. As a result, "digital workers" are prone to disconnection and difficult to maintain.
To address this, ANOLISA provides solutions from two dimensions: interaction entry and observability:
• At the interaction layer, ANOLISA introduces a dual-mode interaction entry (Copilot Shell, or cosh), overriding traditional bash.
• At the observability layer, ANOLISA provides built-in system-level token statistics. It supports collecting token consumption statistics by different agents and analyzing the proportion of token consumption components, such as the system prompt, skills registry, and history of input tokens. Token observability helps users accurately attribute token consumption, quickly locate abnormal behaviors, and continuously optimize agent running performance.
When agents are granted autonomous execution rights, the threat of "intelligent loss of control" increases dramatically. There is no operating system-level solution for skill supply chain poisoning, agent unauthorized operations, or data breaches.
To address these security challenges, ANOLISA provides four core mitigation capabilities based on AgentSecCore:
• Skill Digital Signature and Integrity Checksum: Introduces the AgentSecCore security core module to implement strict digital signature and hash checksum for each built-in skill. Prevents tampering and poisoning before loading and establishes a trusted supply chain.
• Runtime Behavior Control and Sandbox Fencing: Monitors agent operation behavior in real time based on Bubblewrap and seccomp technologies, and automatically blocks dangerous instructions such as illegal deletion and unauthorized access. Enables a process-level lightweight container sandbox for each agent process to achieve resource isolation among multiple agents, minimizing threats even if behaviors are abnormal.
• Host privacy info protection: prevents leaks of operating system and host privacy identity info. Intercepts and blocks sensitive host identity info that AI agents attempt to obtain and exfiltrate during job execution through multiple attack vectors, such as direct queries, toolchain exploitation, and indirect prompt injection.
• System security hardening: establishes a secure run environment for agents and provides a baseline security level through authentication and hardening. Uses the LoongShield seharden tool to scan and harden the operating system security baseline, ensuring that the host system on which agents run meets security baseline requirements.
From GPU hardware and software ecosystems to today's Agent-as-a-Service, the evolution of compute platforms has always centered on lowering barriers and releasing potential. ANOLISA empowers agents with real execution capabilities through built-in management Skills, redefines the human-agent interaction interface through Copilot Shell, and uses AgentSecCore to establish a solid security foundation for autonomous intelligence. ANOLISA is becoming the solid, reliable, and AI-native core cornerstone of the Agentic AI era.
ANOLISA is now available in the Alibaba Cloud ECS console and is open source on GitHub. Developers and enterprises are welcome to try it out:
ANOLISA — the system butler for AI Agents, dedicated to building a more efficient and secure Agent-native environment.
We're entering the era of Agentic OS — a new paradigm for intelligent operating systems. ANOLISA is your entry point: a translation layer that sits on top of traditional OS, helping agents interact with the system more naturally and perform at their best. With ANOLISA, we're redefining the operating system to deliver the complete Agentic OS experience. Build your Agentic OS with ANOLISA.
Note: ANOLISA stands for Agentic Nexus Operating Layer & Interface System Architecture.
109 posts | 6 followers
FollowAlibaba Cloud Community - April 17, 2026
CloudSecurity - April 30, 2026
Alibaba Cloud Native Community - June 15, 2026
Alibaba Cloud Native Community - October 11, 2025
CloudSecurity - April 21, 2026
Alibaba Cloud Community - April 24, 2026
109 posts | 6 followers
Follow
Alibaba Cloud Model Studio
A one-stop generative AI platform to build intelligent applications that understand your business, based on Qwen model series such as Qwen-Max and other popular models
Learn More
Alibaba Cloud for Generative AI
Accelerate innovation with generative AI to create new business success
Learn More
Qwen
Full-range, open-source, multimodal, and multi-functional
Learn More
Alibaba Cloud Linux
Alibaba Cloud Linux is a free-to-use, native operating system that provides a stable, reliable, and high-performance environment for your applications.
Learn MoreMore Posts by OpenAnolis