COI (Code on Incus) creates lightweight system containers for AI coding agents, providing full machine access without touching the host system. Each agent gets its own persistent environment with systemd, Docker, and package managers, while credentials remain securely on the host. The active defense layer automatically detects and halts malicious behavior such as reverse shells, credential scanning, and data exfiltration attempts. It targets developers running multiple AI agents in parallel who need isolation, visibility, and security guarantees.