Gavriel Cohen, a former Wix.com engineer and security startup founder, discovered fragments of his own code inside OpenClaw’s dependency tree, used without attribution or consent. He left the project publicly and built NanoClaw, a sandboxed alternative that has since raised $12 million in seed funding and secured partnerships with Docker and Vercel.
The episode, first reported by The New Stack and covered in a follow-up analysis published today, raises pointed questions about code provenance in agent frameworks now handling enterprise workloads.
What Cohen Found
Cohen had developed a security agent for cloud environments. According to ForgeNEX, he discovered that OpenClaw contained functions, structure, and even comments matching code from his private repository. After an internal investigation, he concluded the code had been extracted without authorization.
“I cannot continue collaborating with a project that has benefited from my work without attribution or permission,” Cohen stated, according to The New Stack’s reporting via ForgeNEX.
NanoClaw: 500 Lines vs. 400,000
Rather than filing a complaint and moving on, Cohen built something. NanoClaw’s core logic is approximately 500 lines of TypeScript, a deliberate contrast to OpenClaw’s roughly 400,000 lines of code, according to VentureBeat. The minimalism is the security argument: the entire system can be audited by a human security team in about eight minutes.
Every NanoClaw agent operates within a strictly isolated environment. Through a strategic partnership with Docker announced in March, NanoCo AI (the company Cohen co-founded with his brother Lazer) runs agents inside MicroVM-based Docker Sandboxes. Raw API credentials never reach the agent. Outbound requests pass through a Rust gateway that enforces company-defined policies and requires explicit human approval for sensitive write actions.
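The gateway pattern described above (credentials held outside the agent, a policy check on every outbound call, and a human approval step for writes) can be sketched in a few dozen lines. The block below is an added illustration written for this article, not NanoClaw's or NanoCo AI's code, and it assumes a simple policy shape, a single-use approval ticket and an injected upstream transport so it runs offline; the service names and credential values are constructed placeholders.

```typescript
// Added example (assumed design, not NanoClaw's code): a policy gateway that
// brokers an agent's outbound calls. The agent names a logical service; only
// the gateway holds the credential, injects it into the upstream call and
// hands back the upstream body. Write methods are parked until a human approves.

type Method = "GET" | "POST" | "PUT" | "DELETE";

export interface AgentRequest {
  agentId: string;
  service: string; // logical name such as "github"; never a credential
  method: Method;
  path: string;
}

export interface Policy {
  allowedServices: Record<string, string[]>; // agentId -> services it may call
  writeRequiresApproval: boolean;
}

// Everything the agent can ever see. No variant carries a credential.
export type AgentResponse =
  | { status: "denied"; reason: string }
  | { status: "pending"; ticket: string }
  | { status: "ok"; body: string };

// The network transport is injected so the example runs without a network.
export type Upstream = (method: Method, url: string, headers: Record<string, string>) => string;

const WRITE_METHODS: ReadonlySet<Method> = new Set<Method>(["POST", "PUT", "DELETE"]);

// Credentials exist only inside the gateway process (constructed placeholders).
export const CREDENTIAL_VAULT: Record<string, string> = {
  github: "ghp_PLACEHOLDER_not_a_real_token",
  slack: "xoxb-PLACEHOLDER-not-a-real-token",
};

export class Gateway {
  private readonly policy: Policy;
  private readonly upstream: Upstream;
  private readonly pending = new Map<string, AgentRequest>();
  private ticketSeq = 0;

  constructor(policy: Policy, upstream: Upstream) {
    this.policy = policy;
    this.upstream = upstream;
  }

  // Entry point for the agent. Denies, parks for approval, or forwards.
  handle(req: AgentRequest): AgentResponse {
    const allowed = this.policy.allowedServices[req.agentId] ?? [];
    if (!allowed.includes(req.service)) {
      return { status: "denied", reason: `agent ${req.agentId} is not allowed to call ${req.service}` };
    }
    if (!(req.service in CREDENTIAL_VAULT)) {
      return { status: "denied", reason: `no credential configured for ${req.service}` };
    }
    if (this.policy.writeRequiresApproval && WRITE_METHODS.has(req.method)) {
      const ticket = `approval-${++this.ticketSeq}`;
      this.pending.set(ticket, req);
      return { status: "pending", ticket };
    }
    return this.forward(req);
  }

  // Called by the human reviewer, not by the agent. Tickets are single-use.
  approve(ticket: string): AgentResponse {
    const req = this.pending.get(ticket);
    if (!req) return { status: "denied", reason: `unknown or already used ticket ${ticket}` };
    this.pending.delete(ticket);
    return this.forward(req);
  }

  pendingCount(): number {
    return this.pending.size;
  }

  // The only place the credential is read; it goes upstream, never to the agent.
  private forward(req: AgentRequest): AgentResponse {
    const url = `https://${req.service}.example.invalid/${req.path.replace(/^\/+/, "")}`;
    const headers = { Authorization: `Bearer ${CREDENTIAL_VAULT[req.service]}` };
    return { status: "ok", body: this.upstream(req.method, url, headers) };
  }
}

// Offline stand-in for the network: reports whether an Authorization header
// arrived, without echoing its value.
export const fakeUpstream: Upstream = (method, url, headers) =>
  `${method} ${url} auth=${headers.Authorization ? "present" : "missing"}`;

// Walks through the interesting cases: a read, a write needing approval, a
// cross-service call outside policy, the approval, and a replayed ticket.
export function demo(): AgentResponse[] {
  const gw = new Gateway({ allowedServices: { "agent-1": ["github"] }, writeRequiresApproval: true }, fakeUpstream);
  const read = gw.handle({ agentId: "agent-1", service: "github", method: "GET", path: "/repos/x/y" });
  const write = gw.handle({ agentId: "agent-1", service: "github", method: "DELETE", path: "/repos/x/y" });
  const crossService = gw.handle({ agentId: "agent-1", service: "slack", method: "GET", path: "/chat" });
  const approved = write.status === "pending" ? gw.approve(write.ticket) : write;
  const replay = write.status === "pending" ? gw.approve(write.ticket) : write;
  return [read, write, crossService, approved, replay];
}
```

The point the type system enforces here is the same one the article describes in prose: `AgentResponse` has no field that could carry a secret, so even a compromised or prompt-injected agent sees only "denied", "pending" or the upstream body, and the approval step lives on an interface the agent cannot call.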
$12M Seed, Enterprise Backing
NanoCo AI closed a $12 million oversubscribed seed round led by Valley Capital Partners, according to VentureBeat. The investor roster includes Docker, Vercel, monday.com, Factorial Capital, and Hugging Face CEO Clem Delangue.
The core NanoClaw framework remains MIT-licensed. NanoCo AI monetizes through managed enterprise services on top of the open-source base, targeting organizations that lack the engineering resources to self-host agent infrastructure.
The Provenance Problem
The story arrives at a moment when enterprises are scrutinizing agent framework supply chains with increasing intensity. OpenClaw’s rapid growth to 50+ modules and wide integrations made it a default choice for many teams, but its permissionless architecture and this code attribution incident highlight a gap: there is no standard mechanism for verifying code originality in agent frameworks.
For teams evaluating agent infrastructure, the Cohen episode is a concrete case study in dependency risk. If a framework’s codebase includes unattributed contributions from private repositories, the legal exposure extends to every enterprise deploying it. Code lineage audits, already standard practice for traditional software supply chains, are now overdue for agent platforms.