NanoCo builds NanoClaw, a security-first AI agent platform that runs tasks inside isolated containers instead of giving an agent the keys to your whole machine. Its $12 million NanoClaw funding round matters because the pitch isn’t “agents are cool” — it’s that enterprises want agents they can trust with real work. Founded in early 2026 by brothers Gavriel Cohen and Lazer Cohen, the company took off after a viral open-source launch and now has backing from Valley Capital Partners, Docker, Vercel, Monday.com, Slow Ventures, and Hugging Face CEO Clem Delangue.
What is NanoClaw and how does it work?
NanoClaw is an open-source AI assistant framework that routes messages from tools like WhatsApp, Slack, Telegram, Teams, Discord, email, and the terminal into a shared agent system. It then runs the actual agent session inside a sandboxed container. By default it uses Anthropic’s Claude Agent SDK, but it also supports other providers. It keeps memory, session state, and task scheduling attached to the right conversation instead of turning everything into one giant chat blob.
The security model is the whole point. Each invocation runs in an isolated Linux container with tightly scoped mounts and a non-root user. Execution is fresh and ephemeral. On macOS, NanoClaw can use Apple Container; on Docker, it can go a step further with Docker Sandboxes and microVM-style isolation. That means bash commands, file writes, and browser actions happen away from the host machine rather than behind a flimsy in-app permission prompt.
For a user, the workflow is pretty simple. You install the core system, run setup, connect only the channels you want, and let the platform route incoming requests to the right agent context. NanoClaw then handles memory files and workspaces. It also manages logs, task scheduling, and message delivery across channels. Shared sessions are supported too, so a conversation can move between, say, chat and webhook flows without losing state.
The newer layer is approval. Through its Vercel partnership, NanoClaw can surface native approval cards inside messaging apps when an agent wants to do something sensitive. That includes sending an email, making a payment, or deleting a cloud resource. That sounds mundane. It isn’t.
Who founded NanoCo and why did they build NanoClaw?
A startup born out of an internal need
NanoCo was founded in early 2026 by brothers Gavriel Cohen and Lazer Cohen after they ran into a problem inside their previous AI marketing startup. They were already using agents to do a lot of the work, but the available tools felt too exposed. NanoClaw started as their answer: a secure alternative to OpenClaw that kept agent behavior boxed into a container instead of letting it run straight on a computer with broad access to services and credentials.
The timeline was absurdly fast. Gavriel said it took “under six weeks from committing the first lines of code to a term sheet.” Before the company existed in any formal sense, the project had gone viral, drawn praise from Andrej Karpathy, and gotten an unexpected boost when Singapore’s foreign minister described NanoClaw as his “second brain.” The brothers also turned down a six-figure early offer to buy the project, then later rejected an acquisition proposal worth roughly $20 million.
Why the brothers had real market fit
Gavriel wasn’t some tourist founder who stumbled into AI because the category got hot. He previously worked at Wix, has academic training in physics and computer science, and had been doing deep after-hours AI tinkering before NanoClaw took off. That background helps explain why the project’s core pitch is architectural, not just branding. Smaller codebase. Tighter permissions.
Lazer came from the other side of startup building. He spent years in communications and built Concrete Media into a PR firm that helped launch more than 100 startups. That’s useful here in a practical way. Open source traction doesn’t automatically become a company. Someone still has to turn attention into customers, partnerships, and a story investors can underwrite.
Early traction, customers, and the NanoClaw funding round
The open-source community gave NanoClaw its first real proof point. The brothers say the product has many thousands of users, and NanoCo has already started signing enterprise customers after community members pushed the team toward a commercial offering. The company now has 10 employees and official partnerships with Docker and Vercel.
Enterprise demand is showing up in a specific way. Technical early adopters inside large companies set up NanoClaw for themselves, then coworkers started asking for the same thing. NanoCo’s answer is to sell implementation help — what the market now calls forward-deployed engineers — so customers can roll out AI agents to employees without turning one internal enthusiast into unpaid IT support. NanoCo wouldn’t name customers, but said executives at Amazon, Gap, Google, Meta, SentinelOne, and Accenture are already using NanoClaw.
On the capital side, Valley Capital Partners led the oversubscribed round, with Docker, Vercel, Monday.com, Slow Ventures, and Clem Delangue among the backers. That investor mix is telling. It isn’t just generalist venture money chasing a meme. Two of the participants sit directly inside the infrastructure and workflow stack NanoClaw is trying to own.
How NanoClaw compares with OpenClaw and other options
OpenClaw is the obvious comparison, and NanoClaw doesn’t hide from that. The whole product exists because the brothers liked what OpenClaw made possible but didn’t like the risk profile. NanoClaw’s differentiator is less about magical new agent intelligence and more about constrained execution. Smaller code footprint. OS-level isolation. Scoped mounts and auditable logs.
There are other ways to approach the same enterprise problem. A team can stitch together Claude Code or another agent framework, add a credential vault, bolt on approvals, and run the whole thing in Docker. But that’s still custom plumbing. NanoClaw is trying to package the hard part into something opinionated enough to deploy, while staying light enough that technical buyers can still understand it.
Why did NanoCo raise now instead of selling?
Because the company saw a chance to become infrastructure, not just code.
Rejecting the buyout offers signals that. If the founders thought NanoClaw was only a clever open-source wrapper, taking the money would’ve been rational. But the next step is enterprise deployment, support, and governance — the boring stuff that turns a viral developer project into a business. The forward-deployed engineer model points straight at that.
The round also gives NanoCo a way to commercialize without wrecking the thing that made NanoClaw popular in the first place. That matters. Open-source security tools die all the time when founders bury them under enterprise bloat. NanoCo now has enough capital to hire around support, approvals, and customer rollouts while keeping the core product lean.
And the cap table matters on its own. Docker’s involvement validates the sandboxing thesis. Vercel’s involvement validates the human-approval UX layer. Those aren’t random logos.
How big is the market for secure AI agents?
The wider agent market is getting big in a hurry. Grand View Research projects the global AI agents market will reach $182.97 billion by 2033, growing at a 49.6% CAGR from 2026. That kind of forecast deserves some skepticism, but it captures the direction of travel: businesses are moving from chatbots toward software that can take actions.
The cleaner signal is adoption inside enterprise software. Gartner said 40% of enterprise applications will feature task-specific AI agents by the end of 2026, up from less than 5% in 2025. In a separate 2026 survey, Gartner said only 17% of organizations had deployed AI agents so far, but more than 60% expected to do so within 2 years. That gap tells you what startups like NanoCo are selling into. Not a mature market. An impatient one.
There’s a catch. Gartner also predicted more than 40% of agentic AI projects will be canceled by the end of 2027 because of cost, weak business value, or inadequate controls. And that’s exactly where NanoClaw is trying to wedge itself in. Not at the model layer. At the trust layer.
Final take on NanoClaw funding
NanoClaw funding is interesting because it backs a constraint, not just a capability.
A lot of agent startups are still selling the dream that software can act like an employee. NanoCo is selling the less glamorous idea that the employee needs a badge, a locked office, and a manager who can say no. That’s a much better story for enterprise buyers.
Read how Imperagen raised a £5M seed round led by PXN Ventures to speed up enzyme engineering with a platform that combines quantum simulation, AI, and robotics to reduce lab-heavy trial and error.
FAQ
– What funding did NanoCo raise for NanoClaw?
NanoCo raised an oversubscribed $12 million seed round in May 2026. Valley Capital Partners led the deal, and the backers included Docker, Vercel, Monday.com, Slow Ventures, and Hugging Face CEO Clem Delangue.
– How does NanoClaw work?
NanoClaw routes requests from chat apps and other channels into an AI agent that runs inside an isolated container instead of directly on the host machine. It adds memory and scheduled tasks. It also handles channel routing and approval workflows so an agent can do useful work without getting broad unchecked access.
– Who are the founders of NanoCo?
NanoCo was founded in early 2026 by brothers Gavriel Cohen and Lazer Cohen. Gavriel came from engineering roles at Wix and built NanoClaw itself, while Lazer previously built Concrete Media, a PR firm that helped launch more than 100 startups.
– Is NanoClaw part of the enterprise AI agent market?
Yes. NanoClaw sits inside the enterprise AI agent category, but more specifically in the security and deployment layer for agents that need to operate across business tools and communication channels. That niche is getting attention as enterprises push beyond demos and demand isolation, approvals, and governance before broader rollouts.
