Starting from the cryptocurrency world, what makes Hermes Agent the biggest challenger to OpenClaw?

On February 25, 2026, Nous Research released Hermes Agent v0.1.0. Just 42 days later, on April 8, the project had iterated to v0.8.0, with 8 major versions and hundreds of PRs merged, involving 242 contributors. During the same period, the hottest open-source AI Agent project on GitHub, OpenClaw, boasted 346,000 stars but also accumulated 138 security vulnerabilities in 63 days.

Two growth curves were rising simultaneously, but what was increasing was completely different.

From its official launch on January 29 to surpassing React as the software project with the most stars in GitHub history on March 3, OpenClaw took only 33 days. According to OpenClaw Statistics, during its peak period, it received 34,168 stars in just 48 hours, averaging 710 stars per hour. For reference, Kubernetes took about three years to reach 100,000 stars.

However, according to the Blink Security Blog, during the same time window, security researchers disclosed CVEs at an average rate of 2.2 per day. A total of 138 were disclosed in 63 days, including 7 critical (CVSS above 9.0) and 49 high-severity vulnerabilities, accounting for 41% in total.

The most destructive was CVE-2026-25253, a zero-click remote code execution vulnerability with a CVSS score of 8.8. An attacker only needs to get a user to visit a malicious webpage to steal authentication tokens through the WebSocket gateway, gaining complete control over the user's Agent. According to Shodan scan data, over 42,000 OpenClaw instances were exposed on the public internet in February, with 63% not having gateway authentication enabled.

On February 14, OpenClaw founder Peter Steinberger announced joining OpenAI, and the project was handed over to an open-source foundation. After that, the frequency of security disclosures accelerated further.

This is the background against which Hermes Agent emerged. It is not a quiet track but a market where trust is crumbling. However, understanding Hermes merely as an "OpenClaw alternative" misses more important information. The two projects have fundamental differences at the architectural level.

OpenClaw's skills are static Markdown files, handwritten by users and distributed through the ClawHub marketplace. According to an audit by the Snyk security team in February, out of 5,700 skills on ClawHub, 1,467 were identified as malicious, including credential theft, crypto mining, persistent backdoors, and prompt injection. Among them, 91% mixed prompt injection with traditional malware techniques. The highest installation count for a single malicious skill exceeded 340,000.

Hermes Agent took a completely different path. Its skills are not written by users but generated by the Agent itself. After completing a complex task (usually involving more than 5 tool calls), Hermes distills the execution experience into reusable skill documents, stored as structured Markdown following the agentskills.io open standard. When encountering similar tasks later, the Agent automatically calls and optimizes these skills. A reflection loop is automatically triggered every 15 tasks to evaluate which skills are effective and which need improvement.

The memory system is also fundamentally different in design. OpenClaw relies on three plain text files (SOUL.md for persona management, MEMORY.md for notes, USER.md for user profiles), and cross-session memory requires manual configuration by the user. Hermes has a built-in hierarchical persistent architecture: a persistent notes layer, FTS5 full-text search, Honcho user modeling, and hot/cold storage separation, supporting six pluggable backends. Users do not need to manually manage anything; the Agent decides what to remember and what to forget.

The differences in security models are even more direct. OpenClaw's default security configuration has been described by security researchers as "weak," with gateway authentication turned off by default and skill execution without sandbox isolation. From day one, Hermes has built-in prompt injection scanning, credential filtering, context scanning, and container hardening (read-only root file system + capability dropping). As of April 9, Hermes Agent has not had any publicly recorded CVEs.

In simple terms, OpenClaw is a "toolbox" where you tell it what to do. Hermes is a "growing assistant" that learns how to do things better from doing them.

The iteration pace also speaks volumes. In the 42 days from v0.1.0 to v0.8.0, Hermes Agent's v0.2.0 version alone merged 216 PRs, resolved 119 issues, integrated 7 messaging platforms, and wrote 3,289 tests. According to GitHub data, 27,000 stars correspond to 242 contributors, resulting in a contributor-to-star ratio of 1:111, meaning that 1 in every 111 followers is writing code, indicating a much higher community participation density than OpenClaw.

What’s even more noteworthy is the team behind Hermes. Nous Research is not a suddenly emerged startup. They began in the Discord community in 2022 and spent three years becoming one of the most influential players in the open-source AI model space. According to HuggingFace data, the Hermes series models have been downloaded over 33 million times. From Hermes 1 in 2023 (LLaMA 13B fine-tuning, ranking first in multiple benchmarks) to Hermes 4 in 2025 (70B parameters), and then to Hermes Agent, this line is coherent: first build the model, then build the Agent, with model capabilities serving as the foundation for Agent capabilities.

Their roots are in web3. CEO Jeffrey Quesnelle was previously the chief engineer of the Ethereum MEV infrastructure project Eden Network. The seed round in January 2024 was led by Distributed Global and OSS Capital, with personal investment from Solana co-founder Raj Gokal. In April 2025, one of the largest venture capital funds in the crypto space, Paradigm, led a $50 million Series A round, with a token valuation of $1 billion. Note that it is a token valuation, not a traditional equity valuation.

This means that Nous Research is web3 native in both governance structure and technical architecture. Their Psyche network is built on the Solana blockchain and serves as a decentralized AI training infrastructure. Hermes 4.3, released in December 2025, is the first model fully trained on the Psyche network, completed using consumer-grade GPUs distributed globally, rather than relying on centralized data centers.

The influence of web3 teams on the AI circle is not an isolated case. On March 31, an engineer named Chaofan Shou discovered a source code leak of Anthropic Claude Code. A missing .npmignore file led to 512,000 lines of TypeScript code being publicly released on npm. According to VentureBeat, the leaked mirror repository received 100,000 stars within 24 hours. Chaofan Shou is also an engineer at Solayer Labs and a co-founder of blockchain security company Fuzzland, a web3 security researcher who dropped out of UC Berkeley and created one of the largest code leak incidents in AI in 2026.

What Nous Research is doing is essentially similar: transplanting the methodologies trained by the web3 community (open-source first, decentralized governance, community-driven iteration) to the AI Agent infrastructure layer. The rapid iteration speed of Hermes Agent, with 8 major versions in 42 days, is in some ways a product of this methodology.

OpenClaw's security crisis is a catalyst, but not the cause. The real variable is how AI Agents should be built. Should they provide users with a toolbox to assemble themselves, or create a system that can learn and evolve on its own? Nous Research spent three years and 33 million model downloads answering the latter question, and then turned that answer into a product in 42 days.