NanoClaw Raises $12M After Rejecting $20M Buyout: The AI Agent That Went Viral

NanoClaw just pulled off one of the most remarkable startup stories of 2026. Two brothers — Gavriel and Lazer Cohen — built a sandboxed AI agent platform on a couch, watched it go viral after endorsements from Andrej Karpathy and Singapore’s foreign minister, turned down a $20 million buyout offer, and then raised $12 million in seed funding from investors including Docker, Vercel, and the CEO of Hugging Face. All within six weeks of writing the first line of code.

The story of NanoClaw isn’t just another startup funding announcement. It’s a case study in how open source momentum, perfect timing, and a genuine security innovation can create massive value almost overnight — and what happens when founders are smart enough to bet on themselves rather than cash out early.

What Is NanoClaw?

NanoClaw is a sandboxed, container-based AI agent platform designed as a secure alternative to OpenClaw. While OpenClaw runs AI agents directly on your computer with full access to your credentials, services, and file system, NanoClaw takes a fundamentally different approach: every AI agent runs inside an isolated container, completely sandboxed from your host system.

The entire core logic is condensed into roughly 500 lines of TypeScript — a size that, as VentureBeat reported, allows the entire system to be audited by a human or a secondary AI in approximately eight minutes. This isn’t accidental minimalism — it’s a deliberate security design philosophy. The smaller the codebase, the smaller the attack surface.

NanoClaw supports integration with WhatsApp, Telegram, and over 15 other messaging apps, functioning as what many users describe as a “second brain” that can execute tasks, manage workflows, and interact with external services — all without ever touching your actual computer’s sensitive data.

The Origin Story: From Side Project to $12M Startup

The Cohen brothers didn’t set out to build a venture-backed company. They were running an AI marketing firm that heavily relied on AI agents for day-to-day operations. The problem? Every existing agent framework required full access to their computer — a security model that made them increasingly uncomfortable as their reliance on AI agents grew.

Gavriel Cohen, a former Wix.com engineer, started building NanoClaw as a practical solution to their own security concerns. The idea was straightforward: what if AI agents could do everything they needed to do, but from inside a container where they couldn’t access credentials or services they shouldn’t touch? It launched as an open source project on January 31, 2026.

The project’s trajectory changed dramatically when AI researcher Andrej Karpathy publicly praised NanoClaw. Then Singapore’s foreign minister Vivian Balakrishnan called it his “second brain” in a Facebook post that went viral across Asia and the global tech community. Suddenly, what had been a niche open source tool was receiving attention from some of the most influential figures in technology.

Turning Down $20 Million

As NanoClaw’s popularity exploded, so did the inbound interest. According to TechCrunch, approximately 50 founders and tech executives slid into Gavriel’s DMs asking to invest. The first acquisition offer came quickly — a VC wanted to buy NanoClaw for one of his portfolio companies for a six-figure amount.

While the brothers considered that initial offer, a founder friend delivered a crucial insight: open source projects grow exponentially more valuable as their community grows. Users contribute code, discover use cases, and demonstrate the project’s versatility in ways founders could never predict alone. If NanoClaw had the potential to become that kind of project, the brothers needed to commit fully.

They shuttered their marketing business and went all-in. About two weeks later, a second offer arrived — roughly $20 million, including employment offers to continue running NanoClaw within the acquiring company. The Cohen brothers said no again.

The decision to reject $20 million when you’ve been writing code for less than two months takes enormous conviction. But the brothers believed NanoClaw’s trajectory was just beginning, and the subsequent funding round and community growth have so far validated that bet.

Why NanoClaw Matters: The Security Problem With AI Agents

NanoClaw’s rise highlights a fundamental tension in the AI agent ecosystem that the industry has been slow to address. As AI agents become more capable and more deeply integrated into workflows, the security implications of giving them unfettered access to host systems become increasingly alarming.

Consider what a typical AI agent running on your computer can access: browser sessions with saved passwords, SSH keys, API tokens in environment variables, email credentials, cloud provider access keys, and essentially anything else on your machine. A single compromised or hallucinating agent could exfiltrate sensitive data, delete critical files, or make unauthorized API calls — all while appearing to perform legitimate tasks.

We’ve seen the real-world consequences of inadequate AI agent security already in 2026. The npm malware targeting Claude AI users demonstrated how malicious packages can exploit the trust developers place in AI-assisted workflows. The FBI’s warning about Silent Ransom Group highlighted how sophisticated threat actors are increasingly targeting the tools professionals use daily.

NanoClaw’s container-based sandboxing approach is one of the most practical solutions to emerge. By running each agent in an isolated environment with explicitly defined permissions, it creates a genuine security boundary between the AI’s capabilities and the host system’s sensitive resources.

The Numbers: 250K Downloads and 29K GitHub Stars

NanoClaw’s growth metrics are exceptional by any measure for a project that’s roughly four months old. The platform has surpassed 250,000 downloads and accumulated nearly 29,000 GitHub stars — numbers that put it in the same conversation as far more established open source tools.

The geographic spread of adoption is equally impressive. While the project originated in Israel, its user base spans the globe, with significant adoption in North America, Europe, and Asia. The Singapore foreign minister’s endorsement drove particularly strong uptake across Southeast Asian tech communities.

But raw download numbers only tell part of the story. What’s more revealing is who’s using NanoClaw. According to the Cohen brothers, executives at companies like Amazon, Gap, Google, Meta, SentinelOne, and Accenture are using the platform. These aren’t casual hobbyist downloads — they’re senior technologists at major enterprises adopting an open source tool for their daily workflows.

Who Invested and Why

The $12 million seed round was led by Valley Capital Partners, with participation from an impressive roster of strategic investors. Docker’s involvement is particularly significant — as the company behind the container technology that NanoClaw builds upon, Docker’s investment represents both a financial bet and a strategic endorsement of container-based AI agent isolation.

Vercel, the frontend cloud platform, brings expertise in developer tooling and deployment workflows. Monday.com adds enterprise workflow management experience. Slow Ventures provides traditional VC backing, while Clem Delangue, CEO of Hugging Face, brings deep AI ecosystem credibility as an angel investor.

The diversity of this investor group signals something important: NanoClaw sits at an intersection of multiple rapidly growing markets — AI agents, container security, enterprise automation, and developer tools. Each investor brings domain expertise in a different slice of NanoClaw’s potential market.

NanoCo’s Enterprise Strategy: One Agent Per Employee

With $12 million in the bank, NanoCo — the company entity behind NanoClaw — is pursuing an enterprise strategy that emerged organically from its community. According to The New Stack, the company’s vision is one sandboxed agent per employee, with each agent adapting over time to that person’s specific role, tools, and workflows.

The go-to-market approach is refreshingly practical. NanoClaw’s early adopters tend to be technically skilled executives at large companies. After setting up their own instances, these users inevitably get bombarded by coworkers wanting the same setup. Rather than becoming unpaid NanoClaw IT support, they can now point to NanoCo’s professional services team.

NanoCo is offering “forward-deployed engineers” — a model pioneered by companies like Palantir — to help enterprises roll out NanoClaw at scale. These engineers handle implementation, integration with existing enterprise systems, ongoing support, and the policy configuration that determines what each agent can and cannot do.

This approach cleverly converts open source community momentum into enterprise revenue without compromising the open source project itself. The core NanoClaw platform remains free and open; the enterprise offering is the implementation expertise and support layer on top.

Competition and the AI Agent Landscape in 2026

NanoClaw enters a rapidly evolving market. OpenClaw remains the dominant open source AI agent framework, but its security model — running agents with direct access to host systems — is increasingly seen as a liability by security-conscious organizations. Red Hat’s enterprise-focused efforts to containerize OpenClaw deployments validate the very thesis NanoClaw was built on.

Meanwhile, the broader AI agent ecosystem is exploding. Every major cloud provider and AI company is building or acquiring agent infrastructure. The security layer — ensuring agents can be powerful without being dangerous — remains one of the least solved problems in the space.

NanoClaw’s advantage is that it started with security as the foundational architecture rather than trying to bolt it on later. As the Mandiant M-Trends 2026 report makes clear, AI-assisted attacks are accelerating. The organizations that adopt secure-by-design AI agent platforms now will be better positioned than those scrambling to retrofit security after a breach.

What This Means for Developers

For developers and technical professionals evaluating AI agent platforms, NanoClaw’s rise offers several important takeaways. The security argument for containerized AI agents is becoming difficult to ignore, especially as AI agents gain access to more sensitive systems and data. The project’s 500-line core codebase demonstrates that security and simplicity often go hand in hand.

NanoClaw is available for free at nanoclaw.dev and its source code is fully auditable on GitHub. For developers already using OpenClaw or similar frameworks, the migration path is relatively straightforward — NanoClaw is designed to be a drop-in replacement that adds the container isolation layer.

The partnership with Vercel for agentic policy setting and approval dialogs across 15 messaging apps also suggests that the platform is moving beyond simple sandboxing toward comprehensive agent governance — deciding not just where agents can run, but what they’re allowed to do.

Final Thoughts

NanoClaw’s journey from couch project to $12 million startup is a compelling story, but it’s the underlying technology thesis that makes it genuinely important. As AI agents become more powerful and more pervasive, the question of how to run them safely isn’t academic — it’s one of the most pressing problems in modern software security.

The Cohen brothers bet that the answer was containerization, and in six weeks they went from first commit to term sheet. With Docker, Vercel, and Hugging Face’s CEO backing that bet, NanoClaw is positioned to define how the industry thinks about secure AI agent deployment for years to come.

Whether you’re building AI agents, deploying them in enterprise environments, or simply trying to use AI tools without exposing your credentials to the world, NanoClaw deserves a serious look. Because in 2026, running AI agents without a security boundary isn’t bold — it’s reckless.