AI
AI Video Generation
Guide
Design
Digital Transformation
Digital
Engineering
Share
The AI Agent War Nobody Saw Coming
By Pek Pongpaet| Founder & CEO, Impekable | 10 min read
One had 345,000 GitHub stars and a security meltdown. The other just quietly took the #1 spot on OpenRouter. Here's everything you need to know and which one belongs in your stack.
In this post
What OpenClaw and Hermes Agent actually are
The key terms you need to know before comparing them
The architectural difference that changes everything
The security scandal that cracked OpenClaw's crown
Who should use which, a clear, no-hedging verdict
You spend an afternoon teaching your AI coding assistant your codebase, the naming conventions, the deployment pipeline, the legacy database schema nobody bothered to document. Then you close the session. When you open a new one, it's gone. You're starting over. Again.
That loop of context loss and re-explanation has been the persistent headache of AI-assisted development for years. Two open-source projects decided to attack it from completely different directions. And as of May 10, 2026, one of them just dethroned the other as the most-used AI agent on the planet.
This is the full breakdown.
What Are These Tools, Actually?
Before we get into the battle, let's define what we're comparing. These are not chatbots or copilots.
OpenClaw - Open Source · 374K ⭐
A self-hosted AI agent runtime built around a central WebSocket Gateway that connects to 50+ messaging platforms Telegram, Discord, Slack, WhatsApp, and more. Started as a weekend project by Austrian developer Peter Steinberger in late 2025, it grew into one of the fastest open-source repos in GitHub history. Think of it as the "social butterfly" of AI agents: its goal is to be everywhere at once. Steinberger later joined OpenAI, and OpenClaw now operates as an independent foundation with OpenAI as a sponsor.
Check it out here: https://openclaw.ai/
Hermes Agent - Open Source · 160K ⭐
A self-hosted, model-agnostic AI agent framework built by Nous Research, the lab behind the Hermes, Nomos, and Psyche model families. Launched February 25, 2026, it hit 110K GitHub stars in ten weeks. Its entire architecture is built around one idea: the agent should get better at your specific workflows over time, not through model updates, but through a closed learning loop that runs after every task. As of May 10, 2026, it's the #1 agent on OpenRouter's global daily rankings with 224 billion daily tokens.
Check it out here: https://hermes-agent.nousresearch.com/
Key Terms - Before You Read Further
Persistent Memory
The ability of an AI agent to remember facts, decisions, and context from past sessions rather than starting fresh every time. Without it, every conversation is a blank slate.
Session-Based vs. Long-Running Agent
Session-based agents live inside a single conversation or terminal window. Close the tab, and they forget everything. Long-running agents operate as persistent processes like a background service on your server that stay alive between tasks.
Procedural Memory / Skills
Not just remembering what happened, but how to do something. When Hermes converts a successful workflow into a reusable "skill," it's storing a method so it can apply that approach to future similar tasks automatically.
WebSocket Gateway
OpenClaw's central router, a persistent connection layer that receives messages from 50+ platforms and routes them to the agent. It's what makes OpenClaw's multi-platform reach possible.
Self-Improving Loop
Hermes's core differentiator. After completing a task, the agent enters a "reflective phase" it analyzes what worked, extracts that reasoning as a named skill, and refines it with use. Run the same task type 100 times, and Hermes gets faster and more accurate at it. OpenClaw doesn't do this.
CVE (Common Vulnerabilities and Exposures)
Publicly disclosed security flaws in software. A CVSS score of 9.0+ is considered Critical. A CVSS of 8.0 - 8.9 is High. These matter a lot when an agent has access to your accounts, files, and APIs.
CVSS (Common Vulnerability Scoring System)
A standardized scale from 0.0 to 10.0 that rates how severe a security vulnerability is. The higher the number, the worse the risk. Scores of 9.0 and above are considered Critical. In plain terms: when a CVE scores 9.9, it means an attacker can do near-maximum damage with minimal effort.
Model-Agnostic
Can work with any AI model provider OpenAI, Anthropic, local models without being locked into one. Hermes supports 200+ models via OpenRouter, plus AWS Bedrock, NVIDIA NIM, and local inference.
OpenRouter
A unified API hub that routes requests to dozens of AI models. Its global daily rankings track which agents and apps generate the most inference traffic a real-world signal of actual usage, not just stars.
The Core Architectural Difference
Here's the analogy that actually lands: OpenClaw is the extrovert. Hermes is the one who keeps a journal.
OpenClaw | Hermes Agent | |
|---|---|---|
Design Philosophy | Built for reach | Built for depth |
Core Mechanism | WebSocket Gateway | Self-improving loop: execute → evaluate → extract → refine → retrieve |
How It Operates | Routes your agent across 50+ platforms simultaneously | Learns from every completed task and stores it as a reusable skill |
Best Analogy | One brain, everywhere at once | One brain, getting sharper every day |
The Trade-off | Broad but static — the 101st task looks the same as the 1st | Narrow but compounding — the 101st task is faster, more accurate, and more consistent |
Thinks In | Channels | Time |
OpenClaw thinks in channels. Hermes thinks in time.
Head-to-Head Comparison
Category | OpenClaw | Hermes Agent |
GitHub Stars | ~373,000 (as of May 2026) | 153,000 (110K in first 10 weeks) |
Architecture | WebSocket Gateway, control-plane first, 50+ platform channels | Self-improving loop, layered memory, persistent skill library |
Memory System | File-backed identity, explicit human-authored skills, SOUL.md | Layered: notes + SQLite session history + user modeling + procedural skills |
Learning Over Time | None, each task starts from the same baseline | Yes, extracts reusable skills from successful completions |
Platform Reach | 50+ messaging platforms | 20 supported platforms (Google Chat added in v0.13.0) |
Model Support | OpenAI-compatible APIs | 200+ models via OpenRouter, AWS Bedrock, NVIDIA NIM, local models |
Setup Complexity | Lower built-in tools, faster deployment | Higher, requires managing skill storage + infrastructure |
Stability | Frequent updates, known to break running instances | More stable in practice; slower release cadence |
Security Track Record | 9 CVEs in 4 days (March 2026), 1 scored 9.9 CVSS; 341 malicious skills found in ClawHub | CVE-2026-7113 (CVSS 5.6, v0.8.0 only); 8 P0 security fixes shipped in v0.13.0 |
OpenRouter Ranking (May 10, 2026) | 186B daily tokens | #1 - 224B daily tokens (271B total processed) |
Latest Version | v2026.4.26 | v0.13.0 "Tenacity" (May 7, 2026) |
Best For | Multi-platform reach, rapid deployment, large community ecosystem | Long-running agents, improving with use, security-sensitive environments |
The Security Scandal That Shook Everything
OpenClaw's growth was historic. But scale created a target.
Security Alert - OpenClaw, March 2026
Nine CVEs were disclosed in a four-day window. One scored CVSS 9.9 near-maximum severity. CVE-2026-25253 (CVSS 8.8) was a remote exploitation vulnerability. A supply chain audit of ClawHub, OpenClaw's community skills marketplace found 341 malicious skills in a scan of just 2,857 entries. That's a roughly 12% malware rate. Security researchers also identified 135,000+ publicly exposed OpenClaw instances across 82 countries. Cisco called personal AI agents like OpenClaw "a security nightmare."
Hermes isn't spotless either. CVE-2026-7113 surfaced in late April 2026 a missing authentication issue in version 0.8.0 with a CVSS score of 5.6. The difference is scope, severity, and response time. Hermes patched it quickly. OpenClaw's issues were systemic.
When you're running an agent that has access to your data, your accounts, and your production APIs, this isn't a footnote. It's the whole conversation.
Hermes doesn't just do tasks, it learns from them. That's not a feature. That's a different kind of AI agent altogether.
How Hermes's Learning Loop Actually Works
Most agent frameworks run a fixed loop: receive task → plan → execute → return result. Session ends. Nothing retained. Hermes adds a phase after execution that most frameworks skip entirely.
The Five-Step Loop
1. Execute - Complete the task normally.
2. Evaluate - Was this approach non-trivial? Did it work?
3. Extract - If yes, name and structure the reasoning pattern as a skill.
4. Refine - As similar tasks run in the future, update what the "best approach" looks like.
5. Retrieve - On new tasks, search the skill library first before solving from scratch.
The practical result: an agent that gets faster and more accurate on your specific workflow the more you use it. Hermes also builds a persistent user model across sessions, so it progressively aligns with your preferences without needing re-instruction every time. That part is easy to underestimate until you've experienced the alternative.
Where OpenClaw Still Wins
The security narrative makes it easy to write OpenClaw off. That would be a mistake.
No agent framework touches it for ecosystem breadth. ClawHub has 13,000+ community skills. It's integrated across 50+ messaging channels. For teams that need rapid deployment, a large support community, and multi-platform reach from day one, OpenClaw's head start is real. Its all-time usage still dwarfs Hermes.
OpenClaw is also the right call if you already know what you're getting into. Power users who want manual control over their agent's skills, behavior, and routing will feel more at home in OpenClaw's explicit, human-authored skills model than Hermes's more autonomous learning loop.
The Verdict - Who Should Use Which
Use Hermes Agent if… | Use OpenClaw if… | |
|---|---|---|
Goal | You want an agent that genuinely improves with use | You need to operate across many messaging platforms fast |
Project Type | You're running long-term projects where context compounds | You've already built infrastructure around OpenClaw's gateway model |
Security | You're in a security-sensitive environment | You're a power user comfortable managing security yourself |
Models | You need model flexibility (200+ models supported) | You need the largest existing open-source agent ecosystem |
Priority | Stability matters more than cutting-edge features | Quick deployment and breadth matter more than depth |
Timeline | You're building for the long run, not just a quick automation | You want a large community and marketplace of ready-made skills |
The honest summary
Hermes is the better starting point for most people who want a reliable personal agent that gets smarter over time. OpenClaw is the better choice if you're a power user who wants the larger ecosystem and knows what you're signing up for security-wise.
The OpenRouter leaderboard flip on May 10th isn't just a milestone. It's a signal. The community is increasingly choosing depth over reach an agent that compounds through use over one that's everywhere but the same every day.
The race is far from over. But right now, for most developers, Hermes has earned the starting position.
Frequently Asked Questions
Is Hermes Agent better than OpenClaw?
Is OpenClaw safe to use after the March 2026 security incidents?
What is a self-improving AI agent?
Can Hermes Agent work with models other than GPT or Claude?
Why did Hermes Agent overtake OpenClaw on OpenRouter?
Sources & Further Reading
The New Stack - "OpenClaw vs. Hermes Agent: The race to build AI assistants that never forget" (April 2, 2026)
MarkTechPost -"OpenClaw vs Hermes Agent: Why Nous Research's Self-Improving Agent Now Leads OpenRouter's Global Rankings" (May 10, 2026)
Turing Post -"Hermes Agent vs OpenClaw: Self-Improving Loop, Layered Memory, Procedural Skills" (May 13, 2026)
Medium (Sathish Raju) -"I Switched from OpenClaw to Hermes Agent. Here's What Nobody Told Me" (May 2026)
MindStudio -"Hermes Agent vs OpenClaw: Which Open-Source AI Agent Should You Use?"
MindStudio -"Hermes Agent vs OpenClaw: Which Self-Hosted AI Agent Is Right for On-the-Go Agentic Work?"
AICOSoft -"The AI Agent Showdown: Why Hermes Just Dethroned OpenClaw" (May 14, 2026)
MindStudio -"What Is Hermes Agent? The OpenClaw Alternative with a Built-In Learning Loop"
© 2026 Impekable · AI Consultancy · ElevenLabs & Google Cloud Partner
