NanoCo Unveils Enterprise AI Agents: One Sandbox per Employee, $12M Backing
NanoCo launches enterprise AI with one Docker-sandboxed agent per employee, raises $12M, and emphasizes credential isolation and binding approvals for audit trails.
Breaking: NanoCo Launches Per-Employee AI Agents with Docker Isolation
NanoCo, the Tel Aviv startup behind the open-source NanoClaw framework, on Wednesday introduced a managed enterprise service that assigns a separate, sandboxed AI agent to every employee. The company also announced it raised $12 million in a seed round led by Valley Capital Partners, with Docker and Vercel participating.
Unlike most enterprise AI assistants, which operate as a single shared tool, NanoCo's approach isolates each worker's agent in its own Docker container. This architecture aims to improve security and personalization over time.
Gavriel Cohen, co-founder and CEO of NanoCo, told The New Stack: “Most companies do not want to build an agent platform. They want a working assistant for each employee.”
Key Details
- The per-employee agent runs in a separate Docker sandbox for security.
- Requests flow through a Router that pulls credentials from an Agent Vault, never exposing them directly to the agent.
- NanoClaw has attracted nearly 29,000 GitHub stars since its February launch, with users at Amazon, Google, Meta, and Accenture.
- Even Singapore’s foreign minister, Vivian Balakrishnan, is a known superfan.
How Security Works
Credentials never reach the agent. Instead, they are injected only at the moment of an outward call via a “Router” component. This isolation ensures that even if an agent is tricked, it cannot access sensitive credentials directly.
“An agent has to be able to work inside the most sensitive parts of a business,” Cohen explained. “Their email. Their customer records.”
Approval Flows Bind Identity
When an action requires approval (automated or human), NanoCo runs it with the approver’s credentials instead of the agent’s. This creates a clear audit trail because every write to, say, Salesforce is logged against the human who approved it.
Cohen argued that most agent platforms just route a yes/no decision without binding the human identity, leaving incomplete logs.
Background
Enterprise AI agents have traditionally been deployed as a single assistant for the entire company, like Microsoft Copilot or ChatGPT Enterprise. NanoCo’s model flips that by giving each worker a dedicated agent that learns their specific tools and responsibilities.
The NanoClaw open-source project, launched in February, has already drawn a massive developer community and corporate adoption. Founders Gavriel and Lazer Cohen recently met with Singapore’s foreign minister, underscoring its global reach.
What This Means
For businesses, NanoCo’s approach promises both stronger security and more tailored automation. By isolating each agent and binding approvals to human identities, the system reduces the risk of credential leakage while preserving compliance.
The $12 million seed round, with strategic backers like Docker and Vercel, signals confidence in the architecture. Enterprises evaluating AI agents should consider this sandboxed-per-user model as a viable alternative to shared assistants.
For more, see How Security Works and What This Means.