$12M Seed Backs NanoClaw's Containerized AI Agent Framework

NanoCo, the startup developing the security-focused NanoClaw AI agent framework, raised a $12 million seed round led by Valley Capital Partners. The oversubscribed round values the company at $62 million and includes strategic investments from Docker, Vercel, and monday.com. Founders Gavriel Cohen and Lazer Cohen closed the funding in four days, explicitly rejecting an earlier $20 million “acqui-hire” buyout offer to pursue independent growth.

The framework originated as an internal tool for Qwibit, an AI marketing firm run by the Cohen brothers. They needed agents capable of managing research and messaging schedules across WhatsApp, Telegram, and Slack without exposing credentials or internal systems to vulnerabilities.

Minimalist Architecture and Security

NanoClaw serves as a direct, lightweight alternative to OpenClaw, a monolithic framework that has drawn criticism for security flaws and a sprawling codebase exceeding 400,000 lines. Developers evaluating AI agent frameworks typically face a tradeoff between extensive feature sets and auditability. NanoClaw addresses this by stripping the core logic down to approximately 500 to 700 lines of TypeScript, allowing a human developer to fully audit the execution path in under ten minutes.

The platform shifts security enforcement from application-layer permissions to infrastructure-level isolation.

Architecture Detail	OpenClaw	NanoClaw
Core Logic Size	>400,000 lines	500-700 lines (TypeScript)
Execution Isolation	Application-layer permissions	Docker or Apple Container
Credential Handling	Direct API access	Filtered via gateway

Every agent group in NanoClaw runs inside an isolated Docker container or Apple Container. This establishes a strict blast radius for prompt injection attacks. For API access, NanoClaw utilizes a OneCLI Rust Gateway. Raw API keys never reach the AI agent directly. Outbound requests pass through the secure gateway, which enforces company-defined security policies before routing the credentials.

Claude Integration and Enterprise Deployment

The framework includes native support for Claude Code, utilizing the official Claude Agent SDK. NanoCo is positioning this integration as a pathway to enterprise deployment. Rather than functioning strictly as a developer utility, the platform acts as a professional assistant that builds a persistent “LLM wiki” or knowledge graph mapping a specific employee’s projects and job functions.

Since its open-source release in February 2026, NanoClaw has accumulated nearly 29,000 GitHub stars. Early adoption includes deployment by Singapore’s Foreign Minister, Vivian Balakrishnan, and AI researcher Andrej Karpathy.

Industry Context

The funding aligns with a broader infrastructure shift toward hard-boundary security for autonomous execution. The demand for sandboxing has accelerated as organizations deploy multi-agent systems across enterprise networks. Earlier this year, NVIDIA introduced NemoClaw, an enterprise wrapper for OpenClaw that relies on OpenShell for kernel-level sandboxing.

If you build internal tools with autonomous capabilities, your infrastructure must account for prompt injection as a systemic constant rather than an edge case. Transitioning agent workloads into strict container boundaries limits the damage a compromised agent can inflict on your broader network.