NanoClaw creator’s six-week sprint ends in Docker partnership deal

It has been an intense few weeks for NanoClaw creator Gavriel Cohen.

Roughly six weeks ago, Cohen introduced NanoClaw on Hacker News as a tiny, open source, secure alternative to the AI agent-building hit OpenClaw, after creating it during a weekend coding marathon. The post quickly took off.

“I sat down on the couch in my sweatpants,” Cohen said, “and just basically melted into [it] the whole weekend, probably almost 48 hours straight.”

About three weeks ago, an X post from well-known AI researcher Andrej Karpathy praising NanoClaw also went viral.

Then, about a week ago, Cohen shut down his AI marketing startup to focus entirely on NanoClaw and launch a company around it, called NanoCo. The momentum from Hacker News and Karpathy had already translated into 22,000 stars on GitHub, 4,600 forks from people building their own versions of the project, and more than 50 contributors. Cohen has already added hundreds of updates to the project, with hundreds more still waiting in the queue.

Now, on Friday, Cohen announced a deal with Docker — the company that effectively pioneered the container technology NanoClaw is built on and now serves millions of developers and nearly 80,000 enterprise customers — to integrate Docker Sandboxes into NanoClaw.

Scary security of OpenClaw

The story began when Cohen launched an AI marketing startup with his brother, Lazer Cohen, a few months ago. The company offered services such as market research, go-to-market analysis, and blog post creation through a small team that worked with AI agents.

The business began attracting customers and was on pace to hit $1 million in annual recurring revenue, the brothers said.

“It was going really well, great traction. I’m a huge believer in that business model of AI-native service companies that have margins and operate like a software company but are actually providing services,” said Cohen, a programmer who previously worked at website hosting company Wix.

He had built most of the AI agents the startup relied on, largely using Claude Code, with each one tailored to handle a specific task. But, as he described it, something was still missing.

The agents could do work when prompted, but the humans using them could not pre-schedule tasks or connect the agents to team communication tools like WhatsApp and assign work that way. WhatsApp, after all, functions for much of the world the way Slack does in corporate America.

Cohen then heard about OpenClaw, the popular AI agent tool whose creator now works at OpenAI. He used it to build out those missing interfaces and was immediately impressed.

“There was this big aha moment of: This is the piece that connects all of these separate workflows that I’ve been building,” he said. He quickly decided, “I want more of them: on R&D, on product, on client management,” essentially one for every function the startup needed to handle.

But then OpenClaw deeply alarmed him.

While looking into a performance issue, he came across a file where the OpenClaw agent had downloaded all of his WhatsApp messages and stored them on his computer as plain, unencrypted text. It was not limited to the work-related messages the tool had been explicitly allowed to access — it had pulled in everything, including his personal conversations.

OpenClaw has been heavily criticised as a “security nightmare” for how it handles memory and account permissions. Once installed, it can be very difficult to restrict the data it can access on a machine.

That problem may improve with time, given how popular the project has become, but Cohen had another issue with it: just how massive it was. As he looked into security options for OpenClaw, he saw the long list of bundled packages. One of them was an “obscure” open-source project that Cohen himself had written a few months earlier for editing PDFs using a Google image-editing model. He had no idea it had been included, and he was not even actively maintaining that project anymore.

At that point, he realised there was no realistic way for him to validate all of OpenClaw’s code and dependencies, which, by some estimates, spanned 800,000 lines of code.

So he decided to build his own version instead.

He created it in just 500 lines of code, initially for internal use at his own company, and then shared it publicly. The project was based on Apple’s new container technology, which creates isolated environments that stop software from accessing anything on a machine beyond the data it has been specifically authorised to use.

Going viral

A couple of weeks after posting it on Hacker News, Cohen’s phone started ringing constantly at 4 a.m. A friend had seen Karpathy’s post and was urging him to wake up and start posting on X, which Cohen did, sparking a public conversation with the high-profile AI researcher.

From there, attention to NanoClaw snowballed. More posts on X followed, programmers began publishing YouTube reviews, and news coverage picked up. At one point, a domain squatter even grabbed a NanoClaw-related website URL. The actual site is nanoclaw.dev.

Then Oleg Šelajev, a developer at Docker, got in touch. After noticing the growing interest in NanoClaw, Šelajev modified the project to use Docker’s Sandboxes instead of Apple’s container technology.

Cohen said he had no hesitation in adding support for Docker Sandboxes to the core NanoClaw project.

“This is no longer my own personal agent that I’m running on my Mac Mini,” he recalled thinking. “This now has a community around it. There are thousands of people using it. Yeah, I said, I’m going to move over to the standard.”

For all the upheaval and momentum of the past few weeks, one major question remains unresolved for Cohen and his brother Lazer, who now serve as CEO and president of NanoCo: how the company will eventually make money.

NanoClaw is free and open source, and, as far as the brothers are concerned, it will stay that way. They know that reversing course and abandoning the open source promise would immediately make them villains in the eyes of that community. For now, they said, they are funding themselves through a friends-and-family round.

Although they are being careful not to spell out their commercial strategy too early — partly because they have not yet fully worked it out — they say venture capitalists are already reaching out.

The current plan is to build a fully supported commercial product around NanoClaw, including services such as forward-deployed engineers and specialists who work directly within customer organisations to help them build and maintain their systems. That likely means focusing on helping companies create and manage secure AI agents. At the same time, that market is already crowded and becoming more competitive by the hour.

Still, with the large developer community NanoClaw has now tapped into through Docker, more details on where NanoCo is headed will likely emerge soon enough.