42 Days, 8 Major Versions, 0 CVEs: Hermes Agent, Emerging from Web3, is "Stealing the Show" from OpenClaw

On February 25, 2026, Nous Research released Hermes Agent v0.1.0. 42 days later, on April 8, the project had already iterated to v0.8.0, spanning 8 major versions, merging hundreds of PRs, with 242 contributors. During the same period, OpenClaw, the hottest open-source AI Agent project on GitHub, boasted 346,000 stars but also accumulated 138 security vulnerabilities in 63 days.

Both growth curves were rising, but what was rising was completely different.

From its official launch on January 29 to surpassing React on March 3 to become the most-starred software project in GitHub's history, OpenClaw took only 33 days. According to OpenClaw Statistics, at its peak, 34,168 stars poured in within 48 hours, equivalent to 710 per hour. For reference, Kubernetes took about three years to reach 100,000 stars.

But according to tracking by the Blink Security Blog, within the same timeframe, security researchers were disclosing CVEs at an average rate of 2.2 per day. A total of 138 were accumulated in 63 days, including 7 critical (CVSS 9.0+) and 49 high-severity ones, accounting for 41% combined. The most destructive was CVE-2026-25253, a zero-click remote code execution vulnerability with a CVSS score of 8.8. An attacker only needed a user to visit a malicious webpage to steal authentication tokens via the WebSocket gateway and gain full control of the user's Agent. According to Shodan scan data, over 42,000 OpenClaw instances were exposed to the public internet in February, with 63% not having gateway authentication enabled.

On February 14, OpenClaw founder Peter Steinberger announced he was joining OpenAI, and the project was transferred to an open-source foundation. The frequency of security issue disclosures accelerated further thereafter.

This is the backdrop against which Hermes Agent entered the scene. Not a quiet track, but a market where trust is crumbling. However, understanding Hermes merely as an "OpenClaw alternative" misses more important information. These two projects have a fundamental divergence at the architectural level.

OpenClaw's skills are static Markdown files, handwritten by users and distributed via the ClawHub marketplace. According to a February audit by the Snyk security team, 1,467 out of 5,700 skills on ClawHub were confirmed as malicious, including credential theft, crypto mining, persistent backdoors, and prompt injection. 91% of these mixed prompt injection with traditional malware techniques. The highest installation count for a single malicious skill exceeded 340,000.

Hermes Agent took a completely different path. Its skills are not written by users; they are generated by the Agent itself. After completing a complex task (typically involving 5 or more tool calls), Hermes refines the execution experience into reusable skill documentation, storing it as structured Markdown following the agentskills.io open standard. When encountering similar tasks later, the Agent automatically calls and optimizes these skills. Every 15 tasks automatically triggers a reflection cycle to evaluate which skills are effective and which need improvement.

The memory system is also different from the ground up. OpenClaw relies on three plain text files (SOUL.md for personality, MEMORY.md for notes, USER.md for user profile), with cross-session memory requiring manual user configuration. Hermes has a built-in hierarchical persistence architecture: a persistent notes layer, FTS5 full-text search, Honcho user modeling, hot/cold storage separation, supporting 6 pluggable backends. Users don't need to manually manage anything; the Agent itself decides what to remember and what to forget.

The difference in security models is more direct. OpenClaw's default security configuration has been described by security researchers as "weak," with gateway authentication off by default and no sandbox isolation for skill execution. Hermes, from day one, built in prompt injection scanning, credential filtering, context scanning, and container hardening (read-only root filesystem + capability dropping). As of April 9, Hermes Agent has no public CVE records.

Simply put, OpenClaw is a "toolbox" where you tell it how to do things. Hermes is a "growing assistant" that learns how to do better from doing.

The iteration pace also speaks volumes. In the 42 days from v0.1.0 to v0.8.0, Hermes Agent's v0.2.0 alone merged 216 PRs, resolved 119 issues, integrated 7 messaging platforms, and wrote 3,289 tests. According to GitHub data, 27,000 stars correspond to 242 contributors, a contributor-to-star ratio of about 1:111. This means for every 111 followers, one is writing code, indicating a community participation density far higher than OpenClaw.

More noteworthy is the team behind Hermes. Nous Research is not a startup that suddenly appeared. Starting from a Discord community in 2022, they spent three years becoming one of the most influential players in the open-source AI model space. According to HuggingFace data, the Hermes series of models has been downloaded over 33 million times cumulatively. From Hermes 1 in 2023 (LLaMA 13B fine-tune, ranking first on multiple benchmarks) to Hermes 4 in 2025 (70B parameters), and now to Hermes Agent, this line is coherent: first build models, then build Agents, with model capability as the foundation for Agent capability.

Their roots are in web3. CEO Jeffrey Quesnelle was previously the lead engineer at Eden Network, an Ethereum MEV infrastructure project. The seed round in January 2024 was led by Distributed Global and OSS Capital, with personal participation from Solana co-founder Raj Gokal. In April 2025, Paradigm, one of the largest venture capital funds in the crypto space, led a $50 million Series A round with a token valuation of $1 billion. Note, a token valuation, not a traditional equity valuation.

This means Nous Research is web3-native from its governance structure to its technical architecture. Their Psyche network is built on the Solana blockchain, serving as a decentralized AI training infrastructure. Hermes 4.3, released in December 2025, was the first model trained entirely on the Psyche network, using consumer-grade GPUs distributed globally rather than relying on centralized data centers.

A web3 team exporting influence to the AI circle is not an isolated case. On March 31, an engineer named Chaofan Shou discovered a source code leak for Anthropic Claude Code. A missing .npmignore file led to 512,000 lines of TypeScript code being publicly published to npm. According to VentureBeat, the mirrored repository gained 100,000 stars within 24 hours of the leak. Chaofan Shou's other identity is an engineer at Solayer Labs and co-founder of blockchain security company Fuzzland—a UC Berkeley dropout and web3 security researcher who created one of the largest code leak events of 2026 in the AI circle.

What Nous Research is doing is essentially similar: transplanting the methodology honed by the web3 community (open-source first, decentralized governance, community-driven iteration) to the AI Agent infrastructure layer. Hermes Agent's iteration speed of 8 major versions in 42 days is, to some extent, a product of this methodology.

OpenClaw's security crisis was a catalyst, not the cause. The real variable is: how should AI Agents be built? Should we give users a toolbox to assemble themselves, or build a system that can learn and evolve on its own? Nous Research spent three years and 33 million model downloads answering the latter question, and then spent 42 days turning that answer into a product.