Verified guide · Updated July 2026
NemoClaw vs OpenClaw: what they are and what your company should do about them
OpenClaw is what NVIDIA calls the fastest-growing open source project in history. NemoClaw is NVIDIA's answer to its biggest problem. Here is the verified picture: dates, prices, requirements, and the security research your IT team will ask about.
What is OpenClaw?
An open source (MIT) AI agent you run on your own hardware. It answers and acts through about 29 channels you already use, including WhatsApp, Telegram, Slack and email. Created by Peter Steinberger in November 2025, renamed OpenClaw in late January 2026, and now run by an independent foundation. Over 380,000 GitHub stars and roughly half a million systems running it.
What is NemoClaw?
NVIDIA's open source (Apache 2.0) reference stack that runs OpenClaw inside a hardened OpenShell sandbox: deny-by-default networking, credentials kept outside the sandbox, routed inference, audit logs. Announced by Jensen Huang at GTC on March 16, 2026. It is a wrapper, not a fork, and it is explicitly alpha software today.
How we got here
Four months from side project to keynote
November 24, 2025
Peter Steinberger publishes the first version of what becomes OpenClaw (initially a WhatsApp relay tool).
Late January 2026
After several renames, the project becomes OpenClaw and goes viral: 9,000 GitHub stars in the first 24 hours.
February 14, 2026
Steinberger announces he is joining OpenAI; OpenClaw moves to an independent, OpenAI-backed foundation.
February 19, 2026
Microsoft Defender Security Research publishes its warning: OpenClaw should be treated as untrusted code execution with persistent credentials.
March 16, 2026
Jensen Huang announces NemoClaw at NVIDIA GTC 2026, available the same day in early preview.
Side by side
NemoClaw vs OpenClaw, verified
Sourced from the official docs, GitHub repositories, and NVIDIA's announcement.
| Dimension | OpenClaw | NemoClaw |
|---|---|---|
| What it is | The AI agent platform itself: a personal assistant you self-host that acts through about 29 channels, including WhatsApp, Telegram and Slack. | A security and governance stack that runs OpenClaw inside an NVIDIA OpenShell sandbox. Not a fork: a wrapper. |
| Created by | Peter Steinberger; now stewarded by the OpenClaw Foundation. | NVIDIA, announced at GTC on March 16, 2026. |
| License and price | MIT, free. You pay only for the model access you bring. | Apache 2.0, free, early preview. NVIDIA sells support separately via NVIDIA AI Enterprise. |
| Security posture | Minimal by default: Microsoft, CrowdStrike and Kaspersky have all flagged it for enterprise use. | Deny-by-default network egress, credential isolation outside the sandbox, per-session audit logs, output redaction. |
| Runs on | macOS 15+, Windows 10/11 native, Linux. Node.js 22.19+. | Validated on Ubuntu 24.04; Apple Silicon Macs via Docker; Windows only through WSL2. 4 vCPU and 8 GB RAM minimum. |
| GPU required? | No. | No for hosted inference (NVIDIA endpoints, OpenAI, Anthropic). An NVIDIA GPU is required only for local inference; AMD, Intel Arc and Apple Metal are unsupported. |
| Models | Bring your own: Claude, GPT, DeepSeek, local models. | Routed through a model gateway: Nemotron 3 by default, NIM, local vLLM, plus hosted OpenAI and Anthropic. |
| Interface | Web control UI, WebChat, and companion apps. | CLI-first; an optional Brev web UI provisions a cloud deployment in about 5 minutes. |
The security picture
What Microsoft, CrowdStrike and Kaspersky actually said
In February 2026, Microsoft's Defender Security Research team published its analysis. The verdict, verbatim: OpenClaw "should be treated as untrusted code execution with persistent credentials" and is "not appropriate to run on a standard personal or enterprise workstation."
CrowdStrike flagged that misconfigured instances can act as AI backdoors. Kaspersky called OpenClaw the biggest insider threat of 2026. China banned it from government and enterprise machines in March 2026. None of that stopped adoption; it moved the question from whether teams will run agents to how safely they will run them.
That is the gap NemoClaw exists to close: the sandbox enforces policy outside the agent's process, so a compromised agent cannot lift its own restrictions. What it does not close, by NVIDIA's own admission, is the operational gap: no SSO, no role-based access for teams, single host only, alpha status.
The honest enterprise takeaway
OpenClaw and NemoClaw are free. What they are not is finished: both projects describe themselves as early software, and neither ships the identity controls, access management or day-two operations an enterprise deployment needs. The cost of an agent was never the license; it is the engineering to integrate it with your systems and the discipline to operate it every day.
That is the work we do: we design the controls, build the agent on your highest-ROI workflow, and operate it as a managed service, with human approval where it matters and an audit trail for everything.
FAQ
Every question the internet is asking
What is NemoClaw?
NemoClaw is NVIDIA's open source reference stack for running always-on AI agents such as OpenClaw more safely. It wraps the agent in an OpenShell container sandbox with deny-by-default network policy, keeps credentials outside the sandbox, routes model calls through a gateway, and writes per-session audit logs. It was announced at GTC 2026 and is in early preview.
Is NemoClaw a fork of OpenClaw?
No. NemoClaw runs the real OpenClaw inside its sandbox via a plugin and NVIDIA contributes changes upstream to the OpenClaw project. It also supports other agents, including Hermes and LangChain Deep Agents Code.
When was NemoClaw released?
Jensen Huang announced NemoClaw at NVIDIA GTC on March 16, 2026, and it became available in early preview the same day. NVIDIA describes it as alpha software: expect rough edges.
How much does NemoClaw cost? Is it free?
NemoClaw is free and open source under the Apache 2.0 license, and OpenClaw is free under MIT. NVIDIA has announced no paid tier for NemoClaw; enterprise support is sold separately through NVIDIA AI Enterprise. Your real costs are model access (API keys or GPUs) and, above all, operating the agent responsibly.
What are NemoClaw's system requirements? Does it need an NVIDIA GPU?
Officially: 4 vCPU, 8 GB RAM (16 GB recommended), 20 GB disk, Node.js 22.16+, and Docker. Validated on Ubuntu 24.04; Apple Silicon Macs (including M-series Mac mini) work via Docker; Windows runs only through WSL2. No GPU is needed if you use hosted inference; a NIM-capable NVIDIA GPU is required only for local inference, and AMD, Intel Arc and Apple Metal are unsupported.
Is OpenClaw safe for enterprise use? What did Microsoft find?
Microsoft's Defender Security Research team concluded in February 2026 that OpenClaw "should be treated as untrusted code execution with persistent credentials" and is "not appropriate to run on a standard personal or enterprise workstation." Their guidance: evaluate it only in a fully isolated, disposable environment with non-privileged credentials and no sensitive data. CrowdStrike warned misconfigured instances can become AI backdoors, and Kaspersky called it the biggest insider threat of 2026.
What is nvidia.com/nemoclaw.sh?
It is NVIDIA's real one-line installer URL: it redirects to the official install script in the NVIDIA/NemoClaw GitHub repository. The documented install command is: curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash. As with any piped installer, review the script and run it on an isolated machine first.
What is an "OpenClaw strategy"?
At GTC 2026, Jensen Huang said that every company needs an OpenClaw strategy, an agentic systems strategy, and press coverage compared its significance to Linux and Kubernetes. In practice it means answering four questions: which high-volume, rule-based workflows to automate first, who operates the agent long term, which security guardrails apply, and how you will measure accuracy, throughput, exceptions and cost.
NemoClaw vs OpenClaw: which one should my company use?
They are not alternatives: OpenClaw is the agent, NemoClaw is the safety wrapper around it. If you are experimenting, NemoClaw's sandbox is the safer way to run OpenClaw. Neither is an enterprise platform yet: NVIDIA's own docs list no SSO, no multi-operator access control, and single-host operation only. For production workflows, the question is less which tool and more who designs the controls, integrates your systems, and operates the agent every day.
Does NemoClaw have a web UI?
NemoClaw itself is CLI-first. NVIDIA offers an optional Brev web UI that provisions a cloud GPU VM, configures inference, and opens the OpenClaw dashboard in about five minutes. OpenClaw separately ships its own web control UI and WebChat.
Deeper reads: our analysis of NemoClaw for enterprise operations and what an OpenClaw strategy means in LatAm.
Next step
Stop hiring. Deploy an AI agent.
Book your AI audit. In 10 days you'll know which workflows to hand off to an AI agent, the expected savings, and a fixed-price agent build scope. We build it. Then we run it.
20 minutes. No pitch deck. No commitment.