Betting on open source agents

Mark Wasuwanich
Apr 22, 2026

Most digital work will be done by agents, shifting computing from apps to execution. Every person will rely on agents that control credentials, memory, communication, and transactions. Agents will become the most trusted software layer, but right now, they’re being built incorrectly. 

Getting agents right means building them from the runtime up. Runtime is what actually holds credentials, executes tool calls, and manages memory. It’s the foundation everything else rests on. To build it correctly, three things need to be true: it needs to be open, secure, and accessible without a terminal. Each missing piece undermines the others. 

Even OpenClaw only delivers on one front (open), despite being the most popular personal AI agent. OpenClaw recently grew from zero to over 350,000 stars and surpassed React as the fastest-growing open source project in GitHub’s history. Run OpenClaw for a week, or any of its current siblings, and two problems become obvious: it’s not secure, and it’s not accessible.

Open but not secure 

Peer-reviewed papers now catalog a systematic taxonomy of vulnerabilities in OpenClaw's architecture. SecurityScorecard's STRIKE team found tens of thousands of exposed OpenClaw instances — 15,200 directly vulnerable to remote code execution, and 53,300 correlated with prior breach activity. Nine CVEs dropped in a single four-day window in March. Over 800 malicious skills, roughly 20% of the marketplace at the time, were flagged as credential-stealers. Users are losing funds. Users are leaking API keys into LLM provider logs they never consented to. Some have stopped using OpenClaw altogether because they no longer trust it with anything private.

OpenClaw's core issues have been public for months, and most of them still aren't fixed, because they're architectural rather than incidental. Credential handling, skill sandboxing, and network egress weren't first-class design concerns, so patches land on top of a runtime that wasn't built for them. New skills and integrations keep expanding the attack surface faster than fixes can close it. That's why the Claw family of forks and rewrites exists in the first place, and it's why the fix has to happen at the runtime layer, not in a patch cycle.

Open but not accessible 

When an agent holds your most important keys, you should be able to read the code, swap the model and provider underneath, and take your context when you leave. Open source provides this visibility, but it doesn’t guarantee access. Most of OpenClaw’s 3 million users don't want a developer tool; they want an always-on agent that remembers them, runs while they sleep, and works across every surface they use. OpenClaw wasn't built for that. Its architecture reflects its origins: a fast-moving project optimized for developer extensibility, not persistent personal memory or multi-session continuity. 

Setup requires opening a terminal: using the command line, editing JSON config, generating and pasting API keys, and reasoning about gateways and providers. The median OpenClaw user today is a developer. The median user who would benefit most, the operators, recruiters, solo founders, and small business owners, can't get past the first config file. The gap between "I want an agent that watches for competitor pricing changes and Slacks me" and "I have that agent running" is still measured in hours of YAML for technical users, and it never closes for everyone else. Workflow integration is where most users give up. The product is trapped inside the audience that needs it least.

The many problems with OpenClaw have spawned a dozen alternatives and rewrites in under three months, each picking an area of weakness to build around. 

| Project | Stack | What it's optimized for |
|---|---|---|
| Hermes Agent | Python | Self-improvement. Built-in learning loop, persistent memory, auto-generated skills that refine with use. The only one designed to get more capable the longer it runs. |
| IronClaw | Rust | Security. WASM sandboxes, AES-256-GCM credential vault, deployment inside a Trusted Execution Environment. |
| NanoClaw | TypeScript (~700 lines) | Auditability. Small enough for one person to read end-to-end. Linux container isolation per chat group. |
| ZeroClaw | Rust | Resource footprint. 8.8MB binary, <5MB RAM, drop-in config migration from OpenClaw. |
| PicoClaw | Go | Embedded hardware. Runs on $10 boards, <10MB RAM. |
| NanoBot | Python (~4K lines) | Python-native ecosystem, minimal dependency surface. |
| NullClaw | Zig | Extreme minimalism. 678KB binary, edge and embedded deployment. |
| OpenFang, Moltis, others | Rust | Production and enterprise rewrites, with new entrants roughly weekly. |

Yet, none of these has solved the thing that matters most: making any of it securely usable by someone who doesn't have a terminal open. That's the gap we want to close.

Building on top of Hermes Agent to close the gap

Hermes Agent, an MIT-licensed project with 100K+ stars from Nous Research, comes closest to closing the gap. It's a personal AI agent that lives on your own server and remembers you across every session, every model swap, and every device. Memory is stored as plain Markdown files in your filesystem, so you can read it, edit it, and take it with you. The model underneath is swappable: Claude today, a local Llama tomorrow, no rewrites. A built-in scheduler runs tasks while you sleep. The same agent reaches you on Telegram, Slack, email, a browser, or the terminal (once you configure each one), with full context wherever you pick up. 

Hermes solves the architecture. What it doesn't yet solve is getting any of this into the hands of someone who doesn't live in a terminal.

That’s why OCV is starting an open source agent company, building on Hermes Agent, to ship what's missing today: onboarding without a terminal, security built into the runtime, and workflow integration that doesn't require rebuilding your workflow in a config language.

We're looking for a founding engineer to lead it. You'd be joining as a founder, with OCV's incubation resources behind you: capital, GTM, recruiting, design, and a portfolio of agent-adjacent companies to learn from. The right person has shipped systems software, cares about security at the runtime layer, and has strong opinions about UX for people who don't write code.

If you've been watching the Claw family and thinking we can do this right from the runtime up, now's your chance—apply here.