The wild six weeks for NanoClaw’s creator that led to a deal with Docker
It was a whirlwind for that Nanoclaw creator Gavriel Cohen.
About six weeks ago, he introduced NanoClaw on Hacker News as a small, open source, secure alternative to the AI agent-building sensation OpenClaw, after building it during a weekend of coding. That message went viral.
“I sat down on the couch in my sweatpants,” Cohen told TechCrunch, “and basically melted into it [it] all weekend, probably almost 48 hours straight.”
About three weeks ago, an X-post appeared praising the famed AI researcher’s NanoClaw Andrej Karpathy went viral.
About a week ago, Cohen shuttered his AI marketing startup to focus on NanoClaw full-time and launched a company around it called NanoCo. The attention from Hacker News and Karpathy has translated into 22,000 stars on GitHub, 4,600 forks (people building new versions of the project), and more than 50 contributors. He has already added hundreds of updates to his project and hundreds more are in the queue.
Now, on Friday, Cohen announced a deal with Docker – the company that essentially invented the container technology on which NanoClaw is built, and has millions of developers and nearly 80,000 enterprise customers – to integrate Docker Sandboxes into NanoClaw.
Scary security from OpenClaw
It all started when Cohen launched an AI marketing startup with his brother Lazer Cohen a few months ago. The startup offered marketing services such as market research, go-to-market analysis, and blog posts through a small team of people using AI agents.
WAN event
San Francisco, CA
|
October 13-15, 2026
The agency started booking clients and was on track to hit $1 million in annual recurring revenue, the brothers told TechCrunch.
“It went very well, it went great. I’m a big believer in that business model of AI-native service companies that have margins and operate like a software company, but actually provide services,” said Cohen, a computer programmer who previously worked for website hosting company Wix.
He had built the agents the startup used, largely using Claude Code, each designed to perform specific tasks. But there was “a piece missing,” he said. The agent could do work when asked, but the people couldn’t plan the work in advance, or connect agents to team communication tools like WhatsApp and assign tasks that way. (WhatsApp is to most of the world what Slack is to corporate America.)
Cohen heard about OpenClaw, the popular AI agent tool whose creator now works for OpenAI. Cohen used it to build the final interfaces and loved it.
“There was a big aha moment of: This is the piece that connects all these separate workflows that I built,” he said, immediately deciding, “I want more: on R&D, on product, on customer management,” one for each task the startup had to do.
But then OpenClaw scared the hell out of him.
While investigating a performance issue, he came across a file in which the OpenClaw agent had downloaded all his WhatsApp messages and stored them in plain, unencrypted text on his computer. Not only the work-related messages to which he was explicitly given access, but also all his personal messages.
OpenClaw is widely filtered as a “security nightmare” because of the way it accesses memory and account permissions. It is difficult to restrict access to data on a machine once it has been installed.
That problem will likely improve over time, given the project’s popularity, but Cohen had another problem: OpenClaw’s sheer size. As he looked into the security options for it, he saw all the packages bundled into it. It contained an “obscure” open source project he himself had written a few months earlier for editing PDFs using a Google image editing model. He had no idea it was there; he wasn’t even actively maintaining that project.
He realized that there was no way for him to validate all of OpenClaw’s code and its dependencies, which by some estimates spread over 800,000 lines of code.
So he built his own code in just 500 lines of code, intended to be used for his company, and shared it. He based it on that Apple’s new container technologycreating isolated environments that prevent software from accessing data on a machine beyond what it is explicitly authorized to do.
Goes viral
At 4 a.m., a few weeks after he shared it on Hacker News, his phone started ringing nonstop. A friend had seen Karpathy’s post and urged Cohen to wake up and start tweeting, which he did. public discussion with the well-known AI researcher.
The attention for NanoClaw followed like a landslide. More tweets, YouTube reviews from programmersAnd news stories. A domain squatter even managed to get the URL of a NanoClaw website. The right one nanoclaw.dev.
Then Oleg Šelayev, a developer working for Docker, reached out. Seeing the buzz, Šelajev adapted NanoClaw to replace Apple’s container technology with Docker’s competing alternative, Sandboxes.
Cohen did not hesitate to expand support for Sandboxes as part of the main NanoClaw project. “This is no longer my own personal agent that I use on my Mac Mini,” he recalled thinking. “This now has a community around it. There are thousands of people using it. Yeah, I said, I’m going to switch to the standard.”
Despite all the changes these weeks have brought to Cohen and his brother Lazer, now CEO and president of NanoCo respectively, there is one area still to be figured out: how NanoCo will make money.
NanoClaw is free and open source and, as these things go, the Cohens promise it will always remain that way. They know they would be labeled as villains if they ever betrayed the open source community by changing that. Currently, the Cohens survive on fundraising from friends and family, they said.
While they are cautious about announcing their commercial plans – largely because they haven’t had a chance to fully formulate them – VCs are already calling, they say.
The game plan is to build a fully supported commercial product with services including so-called forward-deployed engineers – specialists embedded directly with the client companies to help them build and manage their systems. This will likely focus on helping companies build and maintain secure agents. However, that is a busy field that is getting busier by the hour.
But considering the massive community of developers that NanoClaw just unlocked with Docker, we’ll definitely hear more about this soon.
Pictured above from left to right, Lazer and Gavriel Cohen.
