NanoCo, the startup behind NanoClaw, a fast-growing alternative to OpenAI Group PBC’s OpenClaw project, said today it’s teaming up with Vercel Inc. and OneCLI to try to fix the “trust problem” holding back artificial intelligence agents.

Their idea is to bring human-in-the-loop oversight to AI agents performing sensitive tasks via popular messaging applications such as Slack, WhatsApp and Microsoft Corp.’s Teams, where professionals already organize their working lives.

To do this, NanoClaw is integrating with Vercel’s ChatSDK and OneCLI’s credential vault to create a unified architecture that will ensure AI agents cannot go rogue. The way it works is that when an AI agent needs to perform a sensitive task such as making a payment or deleting a cloud resource, it will trigger a “native approval card” within the user’s messaging platform of choice. All users have to do is tap to approve the action, and it’s good to go.

According to NanoCo, this kind of oversight is necessary for AI agents to achieve their true potential, for they generally provide the most value when they’re able to access “high-stakes” information such as financial data, calendars and powerful tools. But granting unrestricted access simply won’t do, because of the unpredictable nature of AI agents. At present, developers can only grant agents broad permissions, but doing this is akin to playing Russian Roulette given the risk of AI hallucinations.

This is why many enterprises have only deployed AI agents to handle low-stakes tasks, such as drafting emails and summarizing meetings, where they can’t cause much damage. But to witness the promised productivity gains of AI automation, agents must be trusted to handle more critical work, and that’s where NanoClaw and Vercel believe they can make a difference.

NanoClaw is a secure, lightweight and open-source personal AI agent that’s designed to run on people’s computers, offering a more secure alternative to complex agentic frameworks like OpenClaw. It utilizes containerization Docker containers to isolate agent sessions, ensuring that they can only access explicitly authorized files and directories.

OneCLI’s credential vault plays a vital role in NanoClaw’s agentic trust solution, acting as a kind of gatekeeper that encrypts and secures user’s credentials. It will inject authentication into an agent’s workflows only at the moment a request is approved, and that permission will immediately be revoked once the action has been taken. Moreover, it means the agent never sees the user’s credentials itself.

Once an agent identifies a task that requires sensitive permissions, NanoClaw then leverages Vercel’s Chat SDK to create an interactive card that pops up in the user’s favored chat application. The card contains the full context, namely what the agent is asking to do, and why, and gives users the option to approve or deny that request. Enforcement is built at the infrastructure level, so the agent has no way to override the requirement for permissions, regardless of how it’s prompted.

NanoClaw creator Gavriel Cohen said thousands of people have given AI agents access to their most sensitive systems because the value they provide is too great to ignore. But he warned that these people are really just hoping for the best, because giving them such broad access can be extremely risky.

“We built NanoClaw to end that tradeoff,” he said. “Because that trust layer exists, agents can do more, not less. They can add their own tools, expand their own capabilities and even modify their own configuration, all through the same approval flow. That’s what a real trust layer makes possible.”

Image: NanoClaw