It was a whirlwind for NanoClaw creator Gavriel Cohen.
About six weeks ago, he introduced NanoClaw to Hacker News as a tiny, open-source, secure alternative to the AI agent-building sensation OpenClaw, after building it over a coding weekend. That the post went viral.
“I sat on the couch in my sweatpants,” Cohen told TechCrunch, “and I basically melted [it] all weekend, probably almost 48 hours straight.”
About three weeks ago, an X post praising NanoClaw by a famous AI researcher Andrej Karpathy has gone viral.
About a week ago, Cohen shut down the AI marketing startup to focus full-time on NanoClaw and launch a company around it called NanoCo. Attention from Hacker News and Karpathy had translated into 22,000 stars on GitHub, 4,600 forks (people creating new releases outside of the project), and over 50 contributors. He has already added hundreds of updates to his project with hundreds more in the queue.
Now, on Friday, Cohen announced an agreement with Docker — the company that essentially invented the NanoClaw container technology relies on and counts millions of developers and nearly 80,000 enterprise customers — to integrate Docker Sandboxes into NanoClaw.
OpenClaw’s Scary Security
It all started when Cohen launched a marketing AI startup with his brother, Lazer Cohen, a few months ago. The startup offered marketing services like market research, market transition analysis and blog posts through a small team of people using AI agents.
Techcrunch event
San Francisco, California
|
13-15 October 2026
The agency began booking clients and was on track to reach $1 million in annual recurring revenue, the brothers told TechCrunch.
“It’s been going really well, a lot of traction. I’m a big believer in this business model of AI service companies that have profit margins and act like a software company but actually provide services,” said Cohen, a computer programmer who previously worked for the website hosting company Wix.
He had built the agents used by the startup, largely using Claude Code, each designed to do specific tasks. But “one piece” was missing, he said. The agent could do work when asked, but people couldn’t schedule work in advance or connect agents to group communication tools like WhatsApp and delegate tasks that way. (WhatsApp is to most people what Slack is to corporate America.)
Cohen heard about OpenClaw, the popular AI agent tool whose creator now works for OpenAI. Cohen used it to create these final interfaces and loved it.
“There was this big moment: This is the piece that connects all these separate workflows I’ve created,” he said, and immediately decided, “I want more of these: in R&D, in product, in customer management,” one for each task the startup had to handle.
But then OpenClaw scared the crap out of him.
While investigating a performance hiccup, he came across a file where the OpenClaw agent had downloaded all of his WhatsApp messages and stored them in plain, unencrypted text on his computer. Not just the work-related messages that were explicitly given access, but all of his personal messages as well.
OpenClaw has been widely panned as a “security nightmare” because of how it accesses memory and account permissions. It is difficult to restrict its access to data on a machine once it is installed.
That issue will likely improve over time given the project’s popularity, but Cohen had another concern: OpenClaw’s sheer size. As he researched security options for it, he saw all the packages that were included with it. It included an “obscure” open source project he had written a few months earlier to edit PDF files using a Google image processing model. He had no idea it was there — he wasn’t even actively maintaining this project.
He realized that there was no way to validate all of OpenClaw’s code and its dependencies, which, by some estimates, extends to 800,000 lines of code.
So he built his own in just 500 lines of code, meant to be used for his company, and shared it. He supported it Apple’s new container technologywhich creates isolated environments that prevent software from accessing data on a machine beyond what it is expressly authorized to use.
It’s going viral
At 4 a.m., a few weeks after he shared it on Hacker News, his phone started ringing non-stop. A friend had seen Karpathy’s post and urged Cohen to wake up and start tweeting, which he did, sparking a debate with the famous AI researcher.
Attention to NanoClaw followed like a landslide. More tweets, YouTube reviews by developersand news. A domain squatter even grabbed a NanoClaw website URL. The right thing is nanoclaw.dev.
Then Oleg Šelajev, a developer working for Docker, reached out. Šelajev saw the buzz and modified NanoClaw to replace Apple’s container technology with Docker’s competing alternative, Sandboxes.
Cohen had no hesitation in promoting support for Sandboxes as part of the main NanoClaw project. “It’s no longer my personal agent running on my Mac Mini,” he remembers thinking. “This now has a community around it. There are thousands of people using it. Yeah, I said, I’ll switch to the standard.”
For all the changes these weeks have brought to Cohen and his brother Lazer, now NanoCo’s CEO and chairman, respectively, one area remains to be figured out: how NanoCo will make money.
NanoClaw is free and open source, and as all that goes, the Cohens swear it always will be. They know they’d be vilified if they ever betrayed the open source community by changing this. Currently, the Cohens live on a fundraising cycle for friends and family, they said.
While they’re cautious about announcing their business plans — in large part because they haven’t had a chance to fully articulate them — VCs are already calling, they say.
The game plan is to create a fully supported commercial product with services that include so-called future engineers — experts who are embedded directly with client companies to help them build and manage their systems. This will likely focus on helping companies create and maintain secure agents. This is, however, a crowded field that is getting more crowded by the hour.
But given the giant developer community that just unlocked NanoClaw with Docker, we’re sure to hear more about it soon.
Pictured above from left to right, Lazer and Gavriel Cohen.
