×
Community Blog Alibaba Cloud Releases ANOLISA (Agentic OS): The First Agent-Oriented Operating System

Alibaba Cloud Releases ANOLISA (Agentic OS): The First Agent-Oriented Operating System

This article introduces ANOLISA Alibaba Cloud's new operating system designed specifically for AI agents, which provides built-in skills, a Copilot Sh.

On March 30, 2026, Alibaba Cloud announced that its self-developed operating system Alibaba Cloud Linux has completed a key transition, officially launching the next-generation operating system for AI agents — ANOLISA.

ANOLISA is Alibaba Cloud's first operating system designed specifically for AI agents. Its emergence signifies that the primary user entity of future operating systems is gradually shifting from humans to agents. As a large number of "AI employees" become the main productive force, AI is driving fundamental changes in production methods. AI agents are fundamentally different from traditional human usage in decision workflows, reasoning approaches, and interaction patterns.

In response to this evolutionary trend, ANOLISA internalizes runtime optimization and secure execution environments as core system capabilities, incorporates cloud infrastructure best practices as out-of-the-box Skills, and provides 24/7 agent observability and assurance services. It aims to address pain points faced by agents such as OpenClaw, including high onboarding barriers, lengthy tuning workflows, poor stability, security limitations, and the complexity of multi-agent collaboration. ANOLISA not only provides an ideal digital foundation for agent frameworks like OpenClaw, but also marks a fundamental shift in the computing paradigm from "traditional software payloads" to "agent payloads".

ANOLISA Architecture

The ANOLISA architecture draws on the tiering philosophy of traditional operating systems, enabling agents to run on a unified infrastructure like applications through the core layer and the runtime layer. The runtime layer ensures that each agent executes securely in a controlled environment. Built-in Skills provide out-of-the-box general-purpose capabilities so agents don't need to reinvent the wheel. Combined with the top-level Copilot Shell (cosh), agents can invoke system resources just as humans operate a terminal. This layered decoupling design allows different types of agents to combine capabilities on demand, balancing security, O&M, and scalability.

1_

Core Breakthrough 1: Drastically Reducing Token Overhead with Preset Skills to Get Agents "On Duty" Quickly

Agents have evolved from simple conversations to "AI employees" capable of completing complex jobs. However, traditional operating systems have complex instructions, and agents often "have brains but are unfamiliar with the environment," relying on extensive environmental probing and perception to achieve reasonable task execution. Moreover, over 50% of skills in the open source marketplace are procedural and urgently need system-level adaptation and optimization. As a result, training an agent that can be "on duty" incurs high costs.

To address these pain points, ANOLISA provides a solution of "native skill-based encapsulation":

Native skill-based encapsulation: ANOLISA encapsulates complex Linux O&M, deployment, and tuning actions as well as high-frequency skills into standardized Skill modules. These skills cover system administration, performance tuning, security O&M, and foundational skills for common roles. They naturally match the procedural execution features of agents, allowing agents to directly invoke these capabilities without consuming additional compute resources to "learn" or "adapt."

Measured performance: Within system administration and O&M scenarios, token overhead differs by more than 30% compared with traditional OS environments. Taking the scenario of using OpenClaw for system vulnerability monitoring and fix as an example, during the CVE evaluation phase, ANOLISA saves 60% of token overhead compared with traditional operating systems under the same LLM base.

Core Breakthrough 2: Launch Copilot Shell with a Single Command for Full-Process Agent Observability

In traditional environments, agent deployment and configuration are complex, initialization takes a long time, and continuous health monitoring is lacking. As a result, "digital workers" are prone to disconnection and difficult to maintain.

To address this, ANOLISA provides solutions from two dimensions: interaction entry and observability:

At the interaction layer, ANOLISA introduces a dual-mode interaction entry (Copilot Shell, or cosh), overriding traditional bash.

  • For human users, it is the default agent built into the system and can be used directly to manage the system, complete O&M operations, and even initialize other agents.
  • For AI agents, it supports collaborative work in sub-agent mode. Agents can directly invoke preset skills to complete common jobs without consuming tokens to explore the environment.
  • Deploy common AI agents (such as OpenClaw) with a single sentence using the companion AI Shell assistant OS Copilot. No complex manual environment configuration is needed — a single instruction instantly starts your "digital worker".

At the observability layer, ANOLISA provides built-in system-level token statistics. It supports collecting token consumption statistics by different agents and analyzing the proportion of token consumption components, such as the system prompt, skills registry, and history of input tokens. Token observability helps users accurately attribute token consumption, quickly locate abnormal behaviors, and continuously optimize agent running performance.

Core Breakthrough 3: AgentSecCore End-to-End Security Protection, Building a Firewall Against "Intelligent Loss of Control"

When agents are granted autonomous execution rights, the threat of "intelligent loss of control" increases dramatically. There is no operating system-level solution for skill supply chain poisoning, agent unauthorized operations, or data breaches.

To address these security challenges, ANOLISA provides four core mitigation capabilities based on AgentSecCore:

Skill Digital Signature and Integrity Checksum: Introduces the AgentSecCore security core module to implement strict digital signature and hash checksum for each built-in skill. Prevents tampering and poisoning before loading and establishes a trusted supply chain.

Runtime Behavior Control and Sandbox Fencing: Monitors agent operation behavior in real time based on Bubblewrap and seccomp technologies, and automatically blocks dangerous instructions such as illegal deletion and unauthorized access. Enables a process-level lightweight container sandbox for each agent process to achieve resource isolation among multiple agents, minimizing threats even if behaviors are abnormal.

Host privacy info protection: prevents leaks of operating system and host privacy identity info. Intercepts and blocks sensitive host identity info that AI agents attempt to obtain and exfiltrate during job execution through multiple attack vectors, such as direct queries, toolchain exploitation, and indirect prompt injection.

System security hardening: establishes a secure run environment for agents and provides a baseline security level through authentication and hardening. Uses the LoongShield seharden tool to scan and harden the operating system security baseline, ensuring that the host system on which agents run meets security baseline requirements.

Conclusion: Defining the Compute Cornerstone of the Agentic AI Era

From GPU hardware and software ecosystems to today's Agent-as-a-Service, the evolution of compute platforms has always centered on lowering barriers and releasing potential. ANOLISA empowers agents with real execution capabilities through built-in management Skills, redefines the human-agent interaction interface through Copilot Shell, and uses AgentSecCore to establish a solid security foundation for autonomous intelligence. ANOLISA is becoming the solid, reliable, and AI-native core cornerstone of the Agentic AI era.

ANOLISA is now available in the Alibaba Cloud ECS console and is open source on GitHub. Developers and enterprises are welcome to try it out:


ANOLISA — the system butler for AI Agents, dedicated to building a more efficient and secure Agent-native environment.

We're entering the era of Agentic OS — a new paradigm for intelligent operating systems. ANOLISA is your entry point: a translation layer that sits on top of traditional OS, helping agents interact with the system more naturally and perform at their best. With ANOLISA, we're redefining the operating system to deliver the complete Agentic OS experience. Build your Agentic OS with ANOLISA.

Note: ANOLISA stands for Agentic Nexus Operating Layer & Interface System Architecture.

0 1 0
Share on

OpenAnolis

109 posts | 6 followers

You may also like

Comments

OpenAnolis

109 posts | 6 followers

Related Products