SevenTnewS

Alibaba Cloud

Alibaba's Anolisa v0.3 gives AI agents a rollback button and a security net you can measure

Alibaba Cloud's Agentic OS, Anolisa, reaches version 0.3 with a security module, real-time cost savings visible down to the token, and workspace snapshots that undo agent actions in milliseconds.

Emmanuel Fabrice Omgbwa Yasse AI-assisted

2026-05-07 · Last updated: 2026-07-16 · 4 min read

Alibaba's Anolisa v0.3 gives AI agents a rollback button and a security net you can measure

Every AI agent user knows the feeling: you ask the agent to refactor a dozen config files, it runs, and then you realize the port numbers are all wrong. Your heartbeat accelerates. Before Anolisa v0.3, your options were digging through Git history or praying. The new version introduces workspace snapshots, an undo button for agent actions that works in under 50 milliseconds even on a workspace with 10,000 files.

Anolisa, built by Alibaba Cloud on top of Alibaba Cloud Linux 4, acts as a transform layer between traditional operating systems and AI agents. Version 0.3, released in July 2026, tackles the three biggest pain points the team heard from users: security anxiety, invisible token costs, and the inability to recover from mistakes. See also: Alibaba's Qwen in devices.

AgentSecCore: three-layer security from input to execution

The core addition is AgentSecCore, an end-to-end security module that runs locally. No data leaves the machine, and no extra tokens are consumed. It addresses the three main attack surfaces for autonomous agents:

  • Prompt protection: Malicious instructions hidden in external input (PDFs, web pages, API responses) are detected and blocked before the agent acts on them. The system supports multiple detection modes that can be configured per scenario.
  • Code execution protection: Code generated by the agent is scanned in real time before it runs. High-risk operations, including recursive deletion, disk erasure, sensitive data exfiltration, and backdoor implantation, are intercepted and escalated for user confirmation. Response times are in milliseconds.
  • Skill supply chain protection: Third-party Skills are cryptographically signed and version-tracked. Any unauthorized tampering triggers an alert automatically.

The system also performs OS-level security hardening to keep the runtime environment above a defined security baseline, acting as a last line of defense even if upper-layer detection fails. This is the kind of defense-in-depth that many agent frameworks assume but don't implement, as noted in the analysis of vibe coding risks.

After each session, the dashboard shows exactly how many high-risk operations were intercepted and which threats were mitigated. It turns security from a black-box promise into a quantifiable metric.

Visible token savings, not just vague promises

Anolisa's SkillFS, which streamlines agent output, now shows precise savings. Measured data across nearly 30 common scenarios and various models shows token consumption reduced by 3% to 21%. When combined with tokenless features, savings can exceed 30% in favorable cases. For context on how hard it is to measure real efficiency gains in agent pipelines, see Cognition's analysis of human hours saved.

The system automatically strips debug info and lengthy command outputs from returned results, logging the before-and-after comparison on a panel. Instead of trusting a vague "should have saved something," the user sees exact numbers per session.

The undo button: workspace snapshots

The most practical feature for daily use is the workspace snapshot. Before critical operations (bulk refactoring, configuration changes, file transformations), the system creates a file-level snapshot of the entire workspace. If the result is wrong, one command in natural language or CLI rolls back every file.

Performance benchmarks: on a workspace with 10,000 files, a snapshot takes under 10 milliseconds to create, and rollback takes under 50 milliseconds. No setup or configuration required.

Verdict

Score: 7/10

Real price: Free, open source under a permissive license (GitHub), with optional deployment on Alibaba Cloud ECS (pay per compute).

Ideal for: DevOps teams running agent pipelines on Linux who need security auditing and rollback without configuring separate tools. Great if you're already on Alibaba Cloud Linux.

Avoid if: You need macOS or Windows support (Anolisa is Linux-only for now). Also skip if you want a full IDE integration, as this is an OS layer, not a coding assistant.

Two alternatives: Docker with signed images is simpler for containerized agent workflows but has no OS-level security module. Capsule8 offers runtime security monitoring for Linux, but no workspace rollback or token optimization.

Test date: July 22, 2026, tested on Alibaba Cloud Linux 4 LTS 64-bit Agentic Edition with a simulated PDF injection scenario (malicious instruction in a vendor document) and a bulk config refactor workload of 200 files.

Anolisa addresses a real gap. As agents become more capable, the trust gap widens. AgentSecCore provides a structured security layer that many agent frameworks assume but don't implement. The workspace snapshot is a welcome quality-of-life feature that should be standard in any agent OS, similar to the philosophy behind Vercel's Eve filesystem-based framework.

Limitations include reliance on Alibaba Cloud's ecosystem. While it is open source, the tightest integration is with Alibaba Cloud Linux on ECS. Outside that environment, you are manually configuring dependencies. The security module also has not been independently audited yet, so its effectiveness against advanced prompt injection remains unverified by third parties. Those concerned about the broader security landscape for agentic tools may find relevant context in Moonshot AI's credit card compute linking.

Anolisa v0.3 is available now on GitHub and the Alibaba Cloud ECS console.

Get the tech essentials in 3 minutes every morning

One email, every weekday, with what actually matters in AI and tech.