Gavriel Cohen built NanoClaw in a single weekend after discovering that OpenClaw, the popular AI agent tool whose creator now works at OpenAI, had silently downloaded and stored all of his WhatsApp messages — including personal ones — in unencrypted plain text on his machine. Cohen had been using OpenClaw to extend the AI marketing startup he ran with his brother Lazer, which was on track to hit $1 million in annual recurring revenue offering market research, go-to-market analysis, and blog services powered by AI agents built largely with Claude Code. The security incident, combined with OpenClaw's sprawling codebase of an estimated 800,000 lines — which even included an obscure open-source PDF tool Cohen himself had written — prompted him to build a minimal 500-line alternative he called NanoClaw, designed around a "design for distrust" philosophy that enforces hard OS-level isolation boundaries rather than relying on agent instructions.

The project exploded after a Hacker News post went viral, followed roughly three weeks later by a widely shared endorsement from AI researcher Andrej Karpathy on X. Within six weeks, NanoClaw had accumulated 22,000 GitHub stars, 4,600 forks, and over 50 contributors. The momentum was enough for Cohen to shut down the marketing startup entirely and found NanoCo, with brother Lazer serving as president. Docker developer Oleg Šelajev independently integrated Docker Sandboxes into the project after seeing the buzz, replacing the original Apple container technology with Docker's micro VM-based alternative — providing two-layer isolation where each agent runs in its own container inside a lightweight hypervisor boundary, with millisecond startup times, currently supported on macOS and Windows.

The formal Docker partnership, announced March 13, 2026, gives NanoCo significant enterprise credibility given Docker's nearly 80,000 enterprise customers. Architecturally, the integration is a meaningful departure from OpenClaw's shared-environment sandbox model: NanoClaw gives each agent its own filesystem, memory context, and tool access with hard boundaries between agents and the host machine. However, as Hacker News commenters noted, stronger container isolation protects the host during execution but does not prevent agents from abusing already-granted outbound permissions such as sending emails or messages — a limitation the project will need to address as it targets enterprise use cases.

NanoCo is currently operating on a friends-and-family funding round while venture capitalists are reportedly circling. The commercial strategy centers on forward-deployed engineers embedded with enterprise clients to help build and maintain secure AI agent infrastructure. Cohen has been careful not to fully commit to a commercial roadmap, in part to avoid alienating the open-source community that propelled NanoClaw's rise — a tension that will sharpen considerably once a VC term sheet is on the table.