NanoCo, a Tel Aviv startup behind the open source NanoClaw agent framework, has launched a managed enterprise service that deploys one sandboxed AI agent per employee rather than a single shared assistant. Each agent runs in its own Docker sandbox, with credentials injected only at the moment of outbound calls via an Agent Vault component — the agent itself never sees them. Approval actions are bound to the approving human's identity for a complete audit trail. The company raised $12M in seed funding with Docker and Vercel participating. Unlike typical open-core models, NanoCo targets companies without the engineering capacity to build their own agent platform, offering bespoke deployments including on-premises options. NanoClaw has accumulated nearly 29,000 GitHub stars since its February launch.
Table of contents
Credentials never reach the agentApproval as identity bindingSkipping the conversion funnelWhite-glove for nowSort: