NanoCo and Docker announced on March 13, 2026 that NanoClaw — the lightweight, security-focused alternative to OpenClaw — is now the first claw-based agent platform that can be deployed inside Docker's MicroVM-based Sandbox infrastructure with a single command.
From Weekend Project to Docker Deal
Creator Gavriel Cohen built NanoClaw in a weekend coding session and introduced it on Hacker News roughly six weeks before the Docker partnership. The project went viral after AI researcher Andrej Karpathy praised it on X, quickly surpassing 20,000 GitHub stars and 100,000 downloads.
About a week before the deal, Cohen shut down his AI marketing startup to launch NanoCo and focus full-time on NanoClaw, with his brother Lazer Cohen joining as president.
Enterprise-Grade Isolation
NanoClaw originally used standard Docker containers for agent isolation. Docker Sandboxes upgrades this with MicroVM-level separation — each agent runs in a lightweight virtual machine with its own kernel, providing stronger security boundaries than traditional containers. Users can clone the NanoClaw GitHub repo and run a single command to launch a fully sandboxed agent.
Why It Matters
Security has been the biggest barrier to enterprise AI agent adoption. With over 40,000 exposed OpenClaw instances discovered on the public internet in February, the demand for secure deployment options is clear. NanoClaw's Docker Sandboxes integration and managed hosting services like OpenClaw Launch both address this gap from different angles — NanoClaw through isolation, OpenClaw Launch through managed infrastructure.