The creators of the hit, enterprise-friendly, open source OpenClaw variant NanoClaw are partnering with software supply chain management leader JFrog have to launch a new, joint security integration they say will protect NanoClaw autonomous agents from malicious code injection. “These agents are doing things that you cannot necessarily control, and you cannot necessarily train,” said Gal Marder, Chief Strategy Officer at JFrog, in an exclusive interview with VentureBeat.Available immediately, the partnership hardwires NanoClaw agents directly to JFrog’s vetted software registries, ensuring that AI assistants can only pull scanned, safe dependencies. The release addresses a rapidly growing blind spot in tech: autonomous agents frequently install packages in the background to extend their capabilities, often without their human operators’ knowledge or oversight. “The people who are operating the agents are not necessarily developers, and they are not even aware of the implications,” explained Gavriel Cohen, creator of NanoClaw and CEO and co-founder of its new commercial services startup, NanoCo AI. To secure the broader ecosystem, the integration is available completely free of charge for the open-source community, while enterprise organizations can seamlessly route their agents through their existing, commercially licensed JFrog environments.The new technical capability enabled by this partnership follows NanoCo’s moves to add permissions dialogs across the apps in which it’s available via a partnership with Vercel, and a new partnership with Docker to allow NanoClaw agents to run more securely, isolated from other software environments directly inside Docker virtual containers. The risk of current, personal autonomous AI agents When an operator interacts with an autonomous system like NanoCo’s NanoClaw, they communicate at a high level of abstraction. A user might simply send an audio file or a voice note, prompting the agent to independently figure out how to process it. As Cohen explained, the agent thinks, “oh, I can’t understand voice notes, so let me go and grab a package and download something and install it and set it up and run it”.This dynamic self-improvement makes AI agents incredibly powerful, but it also renders them highly susceptible to software supply chain attack …
