On February 25, 2026, Nous Research released Hermes Agent v0.1.0. Just 42 days later, on April 8, this project had already iterated to v0.8.0, with 8 major versions merged and hundreds of PRs, involving 242 contributors. During the same period, the most popular open-source AI Agent project on GitHub, OpenClaw, boasted 346,000 stars but also accumulated 138 security vulnerabilities within 63 days.

Two growth curves are rising simultaneously, but the things that are rising are completely different.

From its official launch on January 29 to surpassing React on March 3 as the software project with the most stars in GitHub's history, OpenClaw took just 33 days. According to OpenClaw Statistics, during peak times, it received 34,168 stars in just 48 hours, equivalent to 710 stars per hour. For reference, Kubernetes took about three years to reach 100,000 stars.

However, according to Blink Security Blog's tracking, during the same timeframe, security researchers disclosed an average of 2.2 CVEs per day. Within 63 days, a total of 138 were reported, including 7 critical (CVSS above 9.0) and 49 high severity vulnerabilities, accounting for 41% in total. The most destructive was CVE-2026-25253, a zero-click remote code execution vulnerability with a CVSS score of 8.8. Attackers need only to direct users to a malicious webpage to steal authentication tokens via the WebSocket gateway, completely controlling the user's Agent. According to Shodan scanning data, more than 42,000 OpenClaw instances were exposed on the public internet in February, with 63% having gateway authentication disabled.

On February 14, OpenClaw founder Peter Steinberger announced joining OpenAI, with the project handed over to an open-source foundation. The frequency of security issues disclosures accelerated further afterward.

This is the backdrop of Hermes Agent’s appearance. It is not a quiet race but a market where trust is crumbling. However, understanding Hermes merely as an "OpenClaw alternative" misses more important information. The two projects have fundamental architectural differences.

OpenClaw's skills are static Markdown files, hand-written by users, and distributed through the ClawHub marketplace. According to a February audit by Snyk's security team, 1,467 of the 5,700 skills on ClawHub were identified as malicious, including credential theft, crypto mining, persistent backdoors, and prompt injection. Among them, 91% mixed prompt injection with traditional malware techniques. The highest installation count for a single malicious skill exceeded 340,000 times.

Hermes Agent took a completely different path. Its skills are not written by users but generated by the Agent itself. After completing a complex task (typically involving more than 5 tool calls), Hermes distills the execution experience into reusable skill documentation, stored in a structured Markdown format according to the agentskills.io open standard. When encountering similar tasks later, the Agent automatically calls and optimizes these skills. A reflective loop is automatically triggered every 15 tasks to assess which skills are effective and which need improvement.

The memory system is also fundamentally designed differently. OpenClaw relies on three plain text files (SOUL.md for persona management, MEMORY.md for notes, USER.md for user profiles), and cross-session memory requires users to configure manually. Hermes is built with a layered persistence architecture: a persistent notes layer, FTS5 full-text search, Honcho user modeling, and hot/cold storage separation, supporting six pluggable backends. Users do not need to manage anything manually; the Agent decides what to remember or forget.

The differences in security models are even more direct. OpenClaw's default security configuration is described by security researchers as "weak"; gateway authentication is turned off by default, and skill execution lacks sandbox isolation. Hermes has built-in prompt injection scanning, credential filtering, context scanning, and container hardening (read-only root filesystem + capability dropping) from day one. As of April 9, Hermes Agent has no publicly recorded CVEs.

Simply put, OpenClaw is a "toolbox" where you tell it what to do. Hermes is a "growing assistant" that learns how to do better from performing tasks.

The iteration rhythm also speaks volumes. In the 42 days from v0.1.0 to v0.8.0, Hermes Agent merged 216 PRs for version v0.2.0 alone, resolved 119 issues, connected 7 messaging platforms, and wrote 3,289 tests. According to GitHub data, 27,000 stars correspond to 242 contributors, with a contributor-to-star ratio of 1:111, meaning that for every 111 followers, one is coding, indicating far higher community participation density compared to OpenClaw.

What’s even more noteworthy is the team behind Hermes. Nous Research is not a startup that appeared out of nowhere. They began in a Discord community in 2022 and spent three years becoming one of the most influential players in the open-source AI model space. According to HuggingFace data, the Hermes series models have been downloaded over 33 million times. From Hermes 1 in 2023 (LLaMA 13B fine-tuning, ranked first in multiple benchmarks) to Hermes 4 in 2025 (70B parameters), and then to Hermes Agent, this line is coherent: first create the model, then create the Agent, as model capabilities are the foundation of Agent capabilities.

Their roots are in web3. CEO Jeffrey Quesnelle was previously the chief engineer of the Ethereum MEV infrastructure project Eden Network. The seed round in January 2024 was led by Distributed Global and OSS Capital, with participation from Solana co-founder Raj Gokal. In April 2025, Paradigm, one of the largest venture capital funds in the crypto space, led a $50 million Series A, valuing the token at $1 billion. Note that this is a token valuation, not a traditional equity valuation.

This means that Nous Research's governance structure and technical architecture are all web3 native. Their Psyche network is built on the Solana blockchain and serves as a decentralized AI training infrastructure. The Hermes 4.3 model, released in December 2025, is the first model fully trained on the Psyche network, completed using consumer-grade GPUs distributed globally, rather than relying on centralized data centers.

The web3 team exerting influence in the AI space is not an isolated case. On March 31, an engineer named Chaofan Shou discovered source code leakage of Anthropic Claude Code. The absence of a .npmignore file led to 512,000 lines of TypeScript code being publicly released on npm. According to VentureBeat, the leaked mirror repository obtained 100,000 stars within 24 hours. Chaofan Shou is also an engineer at Solayer Labs and a co-founder of the blockchain security company Fuzzland, a web3 security researcher who dropped out of UC Berkeley, and created one of the biggest code leak events in the AI space in 2026.

What Nous Research is doing is essentially similar: transplanting the methodologies trained by the web3 community (open-source priority, decentralized governance, community-driven iteration) into the AI Agent infrastructure layer. Hermes Agent’s speed of iteration—42 days, 8 major versions—is, to some extent, a product of this methodology.

The security crisis of OpenClaw acts as a catalyst but is not the cause. The true variable is how AI Agents should be constructed. Should we provide users with a toolbox for them to assemble, or should we create a system that can learn and evolve on its own? Nous Research answered the latter question over three years with 33 million model downloads, and then turned the answer into a product in just 42 days.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。