NanoClaw Spurns $20M Buyout, Closes $12M Seed for Sandboxed AI Agents
Six weeks from the first line of code to a term sheet, and a polite no to a $20 million buyout. Why Docker and Hugging Face just backed a tiny container company instead.
The News
NanoClaw, a startup building sandboxed runtimes for AI agents, has closed a $12 million oversubscribed seed round led by Valley Capital Partners. Brothers Gavriel and Lazer Cohen founded the company after concluding that the agent frameworks they were using inside their own AI marketing firm gave language models far too much reach across files, services and credentials on the host machine.
The round arrived under unusual circumstances. According to TechCrunch, the founders turned down an approximately $20 million acquisition offer from an unnamed venture firm that wanted to roll NanoClaw into a portfolio company. An earlier six-figure offer had also been declined. "It was under six weeks from committing the first lines of code to a term sheet," Gavriel Cohen said.
The cap table also includes Docker, Vercel, Monday.com and Slow Ventures, alongside an angel cheque from Clem Delangue, chief executive of Hugging Face. Valuation was not disclosed. NanoClaw's pitch is that instead of letting an agent execute commands directly on a developer's laptop, the agent runs inside an isolated container with policy gates around system calls and outbound traffic.
Why It Matters
The seed itself is small by 2026 standards. What makes it notable is what the founders walked away from. A $20 million acquihire would have priced six weeks of code at roughly $3.3 million per week, a bet that AI agent security will be a category rather than a feature buried inside a larger platform.
That bet is reasonable. The last comparable "isolation primitive" wave was container security in 2017 to 2019, which produced Aqua Security, Sysdig and Snyk. Each grew from a thin layer over Docker and Kubernetes into a multi-billion-dollar business as enterprises moved workloads into production. The arrival of computer-controlling agents from OpenAI, Anthropic and Google in 2024 and 2025 has put roughly the same question back on the table: who is responsible when an autonomous agent runs the wrong command?
Docker's presence on the cap table is the loudest signal in the round, given how directly an agent runtime layer sits on infrastructure the company already defines.
Indian Angle
For Indian enterprises, the NanoClaw thesis is not abstract. The Reserve Bank of India's outsourcing framework and the Digital Personal Data Protection Act of 2023 put pointed responsibility on banks, NBFCs and insurers for any system that touches customer data, including agents that read CRM records, fire off WhatsApp messages or push transactions. BFSI compliance teams have spent the last 12 months working out how to write that responsibility into an agent's runtime.
Sandboxed containers map cleanly onto those obligations. A bank running an agent for collections or KYC review can point an auditor at a container manifest listing every API the agent is allowed to call, rather than a blanket "the AI did it". Indian agent-platform firms such as Yellow.ai and Haptik, plus the wave of GenAI-native startups in Bengaluru and Pune, are likely buyers if NanoClaw or a competitor packages this for enterprise procurement.
Three of the backers, Docker, Vercel and Hugging Face, already run substantial engineering and developer-relations teams out of India. A push into agent runtime security at any of them tends to translate into Indian hires before it reaches Indian customers.
FAQ
What does NanoClaw actually do?
It runs AI agents inside isolated containers rather than letting them act directly on a host computer. The container enforces explicit policies on which files, services and credentials the agent can reach, giving developers a single chokepoint to audit and revoke.
Why does the rejected $20 million offer matter?
It signals that the founders, and the investors who replaced the would-be acquirer, believe agent security will be a standalone category. Acquihires usually win when a market is too small to support an independent vendor; this round bets it is not.
How does this compare to Anthropic's or OpenAI's own agent tools?
The major labs ship agent frameworks designed to maximise capability, with broad tool use, computer control and file-system access. NanoClaw sits one layer below, constraining whatever framework an enterprise is already using.
What should Indian banks and NBFCs take away?
Treat agent runtime isolation as a board-level checklist item, not a research project. RBI and DPDP obligations apply whether the agent was built in-house or wrapped around a foundation model.
This story was reported by TechCrunch. Read the full original coverage at TechCrunch.