Hardened Containerization via SCRATCH
Many enterprise container deployments are plagued by a massive, hidden attack surface: Base Image Vulnerabilities. When an application is bundled into a generic container base (like Ubuntu, Debian, or even Alpine Linux), it inherits hundreds of operating system utilities, shell binaries, and package managers that the application never actually uses.
If an AI agent suffers a severe prompt injection attack that attempts to achieve Remote Code Execution (RCE) on the proxy layer, attackers typically exploit these unnecessary OS tools (like curl, bash, or tar) to perform privilege escalation or execute lateral movement.
Panovista eliminates this entire vector by compiling its Go binary to run inside an absolute minimalist environment: an empty scratch container image.
What is a “scratch” Container?
In Docker, scratch is an explicitly empty image. It contains zero files, zero folders, zero package managers, and absolutely no shell environment.
Our build pipeline compiles the Panovista proxy code down into a single, statically linked, self-contained Go binary. We then drop that solitary file directly into the empty scratch image alongside the root SSL certificates required for outbound TLS handshakes.
The Panovista Architecture
```dockerfile
# Sneak peek at the Panovista deployment image layout
FROM scratch
# Inject only the compiled binary and root SSL certs for TLS handshakes
COPY panovista-proxy /panovista-proxy
COPY ca-certificates.crt /etc/ssl/certs/
# Expose the local MCP routing port
EXPOSE 4321
ENTRYPOINT ["/panovista-proxy"]
```
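One way to confirm that a built image really holds only the two files this layout copies in, as an added example that is not Panovista's own code: it walks an image layer tar and reports every entry outside the allow-list. The names `AuditLayer` and `sampleLayer` are hypothetical, and the sample layer is constructed in memory.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path"
	"strings"
)

// allowed mirrors the two COPY lines of the Dockerfile shown on this page.
var allowed = map[string]bool{
	"panovista-proxy":                   true,
	"etc/ssl/certs/ca-certificates.crt": true,
}

// AuditLayer returns every non-directory entry in a layer tar that is not allow-listed.
func AuditLayer(r io.Reader) ([]string, error) {
	var unexpected []string
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return unexpected, nil
		} else if err != nil {
			return nil, fmt.Errorf("reading layer: %w", err)
		}
		// Normalise "./bin/sh", "/bin/sh" and "bin//sh" to "bin/sh".
		name := strings.TrimPrefix(path.Clean("/"+hdr.Name), "/")
		if hdr.Typeflag != tar.TypeDir && !allowed[name] {
			unexpected = append(unexpected, name)
		}
	}
}

// sampleLayer builds a constructed in-memory layer of empty regular files.
func sampleLayer(names ...string) *bytes.Buffer {
	buf := new(bytes.Buffer)
	tw := tar.NewWriter(buf)
	for _, n := range names {
		tw.WriteHeader(&tar.Header{Name: n, Typeflag: tar.TypeReg, Mode: 0o555})
	}
	tw.Close()
	return buf
}

func main() {
	fmt.Println(AuditLayer(sampleLayer("panovista-proxy", "./bin/sh", "usr/bin/curl")))
}
```

Any path in the result, such as `bin/sh` or `usr/bin/curl`, means the image has drifted from the two-file layout and the build should fail.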
Security Benefits of an Empty Base Image
Deploying an AI firewall should never introduce new vulnerabilities into your cluster. By utilizing a scratch base, Panovista fundamentally alters the security posture of your deployment:
- Zero CVE Footprint: Because there is no underlying operating system or package manager, automated security scanners (like Snyk, Trivy, or AWS Inspector) register exactly zero Common Vulnerabilities and Exposures (CVEs).
- Immunized Against Shell Execution: If an attacker attempts a remote code execution (RCE) attack against the container, the exploit will immediately fail. There is literally no shell (/bin/sh or /bin/bash) inside the container environment to execute commands.
- Minimalist Image Size: The entire container image is less than 20MB. This drastically speeds up container registry pull times during auto-scaling events, moving instances from cold-start to active traffic handling in milliseconds.
The Attack Surface Comparison
| Security Vector | Standard Alpine/Ubuntu Image | Panovista scratch Image |
|---|---|---|
| Shell Access (/bin/sh) | Present (Vulnerable to RCE payloads) | Non-existent (RCE payloads fail instantly) |
| Package Managers (apt) | Present (Attackers can download malware) | Non-existent (No way to install tools) |
| Vulnerability Scanners | Dozens of upstream OS CVEs | Zero Findings (No OS to scan) |
| File System | Mutable by default | Read-Only / Stateless |
Even if an attacker somehow bypasses the Model Context Protocol (MCP) authentication layer and attempts to break out of the Panovista sandbox, they are trapped in a void. They cannot download an external exploit, they cannot read sensitive environment variables, and they cannot launch a reverse shell.