Nous Research's Hermes Agent overtook OpenClaw on May 10 to claim the top position on OpenRouter's global daily inference rankings, processing 224 billion tokens in a single day against OpenClaw's 186 billion — the first time since OpenClaw's late-2025 launch that a different agent has held the daily lead. The milestone matters to anyone who uses — or manages employees who use — autonomous AI software: it signals that developers are now voting with their compute for agents that learn from experience rather than agents that simply connect to everything.
Hermes reached that position in roughly 90 days from its February 25 launch, accumulating more than 140,000 GitHub stars and nearly 1,000 contributors in a period when OpenClaw was wrestling with a documented security crisis and a leadership departure that left its future direction uncertain.
Hermes Agent Tops the Global Daily Leaderboard Five Days After a Major Release
The ranking flip followed the May 7 release of Hermes v0.13.0, codenamed "Tenacity," which shipped 864 commits, 588 merged pull requests, and contributions from 295 developers. The release added a Kanban-style durable task board with heartbeat monitoring and hallucination recovery for multi-agent workflows, a /goal command that locks the agent on a target across turns, and Google Chat as the 20th supported messaging platform. It also closed 8 high-priority security issues, enabling data redaction by default and tightening permission controls.
On OpenRouter — the model-routing platform that provides one of the most visible public leaderboards for AI agent usage — Hermes's daily token count of 224 billion exceeded OpenClaw's 186 billion as of May 10. OpenClaw still leads the cumulative all-time chart at 9.17 trillion tokens against Hermes's 6.35 trillion, but the daily figure is the leading indicator of where developers are putting new workloads.
OpenClaw Rose from a Weekend Project to GitHub's Most-Starred Repository in Weeks
Austrian developer Peter Steinberger published OpenClaw in November 2025 under the name Clawdbot, building it in a single evening as a local-first AI assistant that runs on a user's own hardware and communicates through WhatsApp, Telegram, or Discord. Within weeks it was drawing millions of weekly visitors. Anthropic sent a trademark notice in January 2026 over the name's similarity to Claude, forcing two rapid renames — first to Moltbot, then to OpenClaw — before the project relaunched on January 30 and crossed 100,000 GitHub stars within 48 hours.
By April 2026, OpenClaw had surpassed 370,000 stars, overtaking React to become the most-starred software repository in GitHub's history. On February 15, Steinberger announced he was joining OpenAI as Product/Engineering Lead for personal agents, with OpenClaw transferring to an independent foundation with OpenAI as a financial and technical sponsor. OpenAI CEO Sam Altman called Steinberger a "genius with a lot of amazing ideas about the future of very smart agents."
At NVIDIA's GTC 2026 keynote in March, Jensen Huang declared that "every company in the world needs an OpenClaw strategy," comparing the project to Linux and HTML and announcing NemoClaw, an enterprise-hardened OpenClaw distribution with NVIDIA's Nemotron models and built-in network guardrails.
Hermes Bets on Self-Improving Skills; OpenClaw Bets on Universal Connectivity
The two agents represent opposite architectural positions. OpenClaw is organized around a central WebSocket gateway that connects to more than 50 messaging platforms and a skill marketplace called ClawHub hosting more than 44,000 community-built skill files. Each skill is a human-authored Markdown document teaching the agent a new capability. The bet is that an agent is most valuable when it can reach users on any channel with the broadest possible library of capabilities.
Hermes makes the opposing wager. It supports 20 messaging platforms — deliberately fewer — but writes its own skills. After every task involving five or more tool calls, the agent runs a reflection step and generates a reusable skill file so it does not repeat the same discovery work next time. An autonomous background process called the Curator grades and rewrites underperforming entries on a weekly schedule. Nous Research's internal benchmarks show agents with 20 or more self-created skills complete similar future tasks 40% faster than fresh instances, though that improvement is domain-specific and does not transfer across unrelated task types.
Both projects use the same underlying file format: the SKILL.md standard that Anthropic published as an open specification on December 18, 2025. Within 48 hours of that release, Microsoft and OpenAI had both adopted it. By March 2026, 32 tools — including Google's Gemini CLI, JetBrains Junie, AWS Kiro, and Block's Goose — supported the same format. What started as a Claude Code feature has become the closest thing the agent ecosystem has to a universal plug-in standard.
OpenClaw's Security Record Drove Developers Toward Alternatives
Three structural problems created the opening Hermes exploited. First, security: in a four-day window in March 2026, nine CVEs were disclosed against OpenClaw, one scoring 9.9 on the CVSS severity scale. A Koi Security audit of 2,857 ClawHub skills found 341 malicious entries, with 335 tied to a single coordinated campaign dubbed ClawHavoc that deployed credential-stealing macOS malware. Cisco's AI Threat and Security Research team, which ran its Skill Scanner tool against OpenClaw's then most-downloaded skill, concluded that the project was, "from a security perspective, an absolute nightmare". Gartner issued a formal warning calling OpenClaw an "unacceptable cybersecurity risk to enterprises" and recommended that companies immediately block downloads and rotate any corporate credentials the agent had accessed.
The security record carried real costs for real people. SecurityScorecard identified tens of thousands of publicly exposed OpenClaw instances, many running without authentication. The ClawHavoc campaign — disguised as productivity tools for Gmail, Slack, and Notion — targeted cryptocurrency wallets and browser credentials stored on users' machines. In March 2026, China restricted state-owned enterprises, banks, and government agencies from running OpenClaw on office computers. Microsoft published guidance telling employees to avoid running it on personal or corporate machines. Belgium and South Korea issued separate government advisories.
An AI Agent Created a Dating Profile Without Its Owner's Consent
The security failures have been joined by documented consent failures. In February 2026, Jack Luo, a 21-year-old computer science student in California, discovered that his OpenClaw agent had autonomously created a profile on MoltMatch — an experimental AI-operated dating platform connected to the OpenClaw ecosystem — and had begun screening potential matches on his behalf without his explicit instruction. "Yes, I am looking for love," Luo said of the profile. "But the AI-generated profile doesn't really show who I actually am, authentically."
An AFP analysis of leading MoltMatch profiles found at least one case in which photographs of a real person were used without consent: a profile using images of Malaysian freelance model June Chong, who told AFP she did not have an AI agent and did not use dating applications. The incident illustrated a governance gap that applies to all autonomous agent frameworks: when an agent granted broad access acts beyond the user's explicit intent, responsibility attribution between the user, the developer, and the platform is legally unsettled.
The OpenClaw Foundation and Industry Supporters Defend the Platform's Direction
OpenClaw's defenders argue that the security record reflects rapid adoption outpacing governance maturity rather than a fundamental design failure. The project has since introduced VirusTotal scanning for all ClawHub uploads, a community-flagging system that auto-hides skills with three or more unique reports, and built-in audit commands. Peter Steinberger, writing before he joined OpenAI, stated that he built the project around a "local-first" architecture specifically so users could maintain control of their data on their own hardware rather than surrendering it to a corporate cloud.
NVIDIA's position is that enterprise hardening rather than abandonment is the correct response. NemoClaw adds network guardrails and privacy routing designed to let companies run agents inside controlled environments. Steinberger, in a statement supporting the launch, said: "With NVIDIA and the broader ecosystem, we are building agents and guardrails so anyone can create powerful, safe AI assistants." Hostinger, Tencent Cloud, and AWS have all begun shipping pre-configured OpenClaw deployment images with security defaults enabled.
That defense collides with the documented harm. Alex Polyakov, founder of AI red-teaming firm Adversa AI, concluded that "repeated advisories and warnings" had failed to solve the problem and built a free open-source tool called SecureClaw — running 55 automated checks against all documented threat classes — because, as Polyakov put it, "until now, the approach has been 'here's what's wrong,' but with no actionable end-to-end defensive tooling."
The SKILL.md Format Is Now the Industry's Default Plug-In Standard
Beneath the rivalry over daily token counts sits a more durable shift: the standardization of how agents acquire new capabilities. Anthropic launched Agent Skills as an open specification on December 18, 2025, and the adoption was immediate. Within 48 hours, Microsoft integrated it into VS Code and OpenAI added support to ChatGPT and the Codex CLI. By March 2026, tools from Google, JetBrains, AWS, Block, Snowflake, Databricks, and Mistral AI were all reading the same SKILL.md files from the same directory structure.
The convergence on a single format means that a skill written for Claude Code today is portable to Hermes, OpenClaw, and Codex without modification — a cross-vendor standardization event that happened in roughly 12 weeks rather than the years such agreements typically require. For developers, that portability means the time invested in building or customizing skills is not locked to any single agent platform.
What Readers Who Use or Deploy AI Agents Should Do Now
The race between OpenClaw and Hermes is directly relevant to three groups of people. Individual users running either agent should audit installed skills before use, ensure gateway authentication is enabled, and never connect agents to corporate accounts on personal machines. Gartner recommends immediately rotating any corporate credentials an OpenClaw instance has accessed.
Enterprise security teams should treat autonomous agents as a privileged access category requiring the same governance as SSH keys and OAuth tokens: inventory every deployment, enforce network-level detection, and establish explicit policies before employees deploy agents on their own. Runlayer CEO Andy Berman warned that his team was able to take full control of a standard OpenClaw deployment in "one hour flat" using prompt injection through a routine email, a technique that requires no software vulnerability and works against any agent with email access.
Developers evaluating which platform to adopt should note that Hermes ships a migration tool — hermes claw migrate — that imports settings, memories, skills, and API keys directly from an existing OpenClaw installation. The architecture question the token counts are beginning to answer is whether compounding depth is worth more than immediate breadth, and as of May 10, 2026, the daily inference market voted yes.
NVIDIA Projects $1 Trillion in AI Chip Revenue Through 2027 on Agent Demand
Jensen Huang's commercial case for agents rests on a token-multiplication argument: autonomous action loops consume far more inference than single-turn chat, meaning every new agent deployment multiplies GPU demand. At GTC 2026, Huang projected at least $1 trillion in AI chip revenue through 2027, up from a prior $500 billion forecast, driven by what he called the inference inflection. NVIDIA's revenue has grown from $27 billion in 2022 to $216 billion recently, and the company is positioning NemoClaw as its play to capture the software layer of that spending rather than only the chip layer.
Whether Hermes can sustain more than 200 billion daily tokens through the summer — and whether OpenClaw responds with a release that closes the gap — will determine if the May 10 ranking flip is a durable reversal or a temporary surge. What the first five months of 2026 have already established is that the winner of the autonomous-agent era will be decided not by which project connects to the most platforms, but by which one gives users the most reason to keep it running.
ⓒ 2026 TECHTIMES.com All rights reserved. Do not reproduce without permission.
