IronClaw
NEAR AI's Rust-based AI assistant with WASM sandbox and TEE support. Highest security for enterprise deployments.
Zero-Trust High-Security AI Assistant
IronClaw is NEAR AI's security-focused AI assistant framework, announced live at NEARCON 2026. Built from scratch in Rust with cryptographic security at its core, it employs WASM (WebAssembly) sandbox and TEE (Trusted Execution Environment) support to provide the highest level of security protection for enterprise deployments.
Core Philosophy: "Zero trust" -- trust no component by default, all operations require explicit authorization
Launch Date: NEARCON 2026 (March 2026)
Company: NEAR AI
Developer: Illia Polosukhin (NEAR AI team)
Language: Rust
License: Open Source (MIT)
What Makes IronClaw Different
IronClaw is an OpenClaw-inspired implementation rebuilt from the ground up with security as the primary focus:
- Rust-based: Memory safety and performance
- WASM Sandboxes: Every tool runs in isolated containers
- Encrypted Credential Vault: Secrets never reach the AI model
- TEE Support: Hardware-enforced isolation on NEAR AI Cloud
- Verifiable Runtime: Open-source and auditable
- Prompt Injection Mitigation: Security by design, not policy
Why IronClaw?
🔒 WASM Sandbox Isolation
All skills run in WebAssembly sandboxes:
┌─────────────────────────────────────┐
│ IronClaw Security Architecture │
├─────────────────────────────────────┤
│ │
│ ┌─────────────────────────────┐ │
│ │ User Request │ │
│ └──────────────┬──────────────┘ │
│ │ │
│ ┌──────────────▼──────────────┐ │
│ │ Permission Check Layer │ │
│ └──────────────┬──────────────┘ │
│ │ │
│ ┌──────────────▼──────────────┐ │
│ │ WASM Sandbox │ │
│ │ ┌─────┐ ┌─────┐ ┌─────┐ │ │
│ │ │Skill 1│ │Skill 2│ │Skill 3│ │ │
│ │ └─────┘ └─────┘ └─────┘ │ │
│ │ (Each skill independently │ │
│ │ isolated) │ │
│ └──────────────┬──────────────┘ │
│ │ │
│ ┌──────────────▼──────────────┐ │
│ │ TEE (Optional) │ │
│ │ Hardware-grade protection │ │
│ └─────────────────────────────┘ │
│ │
└─────────────────────────────────────┘WASM Sandbox Advantages:
- ✅ Skills cannot access host system
- ✅ Each skill runs independently
- ✅ Malicious code cannot cause damage
- ✅ Fine-grained permission control
🛡️ TEE Trusted Execution Environment
Support for hardware-grade security protection:
| TEE Technology | Platform |
|---|---|
| Intel SGX | Intel processors |
| AMD SEV | AMD processors |
| ARM TrustZone | ARM devices |
| Intel TDX | Latest Intel platforms |
What TEE Protects:
- Code execution isolation
- Memory encryption
- Data privacy protection
- Tamper resistance
🏗️ Zero-Trust Architecture
IronClaw adopts a zero-trust security model:
Traditional Security Model:
┌─────────────────┐
│ Trusted Internal │
│ Network │
│ ┌───────────┐ │
│ │ IronClaw │ │
│ └───────────┘ │
└─────────────────┘
⚠️ Internal network trusted by default
Zero-Trust Model:
┌─────────────────┐
│ Trust No Components │
│ ┌─┐ ┌─┐ ┌─┐ │
│ │?│ │?│ │?│ │
│ └─┘ └─┘ └─┘ │
│ Verify every request │
└─────────────────┘
✅ Always verifyZero-Trust Principles:
- Never trust, always verify
- Principle of least privilege
- Assume already compromised
- Continuous monitoring and auditing
Core Features
1. WASM Skill Isolation
Each skill runs in independent sandbox:
Skill execution process:
1. User requests skill execution
↓
2. Permission check (authorized?)
↓
3. Launch WASM sandbox
↓
4. Load skill code in sandbox
↓
5. Execute skill (restricted environment)
↓
6. Return result
↓
7. Destroy sandboxSandbox Restrictions:
- Cannot access file system (unless authorized)
- Cannot access network (unless authorized)
- Cannot execute system commands
- Memory usage limited
- CPU usage limited
2. TEE Integration
Hardware-grade protection:
Standard Mode:
┌──────────────┐
│ IronClaw │
│ Operating System│
└──────────────┘
⚠️ Relies on OS security
TEE Mode:
┌──────────────┐
│ Encrypted Memory Area│
│ ┌────────┐ │
│ │IronClaw│ │
│ │ enclave│ │
│ └────────┘ │
└──────────────┘
✅ Hardware-grade isolation3. Permission System
Fine-grained permission control:
# Permission configuration example
permissions:
file_system:
read:
- /data/public/*
write:
- /data/output/*
deny:
- /etc/*
- /home/*
network:
allow:
- api.openai.com
- api.anthropic.com
deny:
- "*" # Deny all others by default
system:
execute: false
environment: false
process_list: false4. Audit Logging
Complete operation records:
[2026-03-21 10:30:15] Skill loaded: file_manager.wasm
[2026-03-21 10:30:16] Permission request: read /data/test.txt → Allowed
[2026-03-21 10:30:17] Permission request: write /etc/passwd → Denied
[2026-03-21 10:30:18] Network request: api.openai.com → Allowed
[2026-03-21 10:30:19] Skill complete: execution time 4.2sInstallation Guide
Prerequisites
| Requirement | Details |
|---|---|
| Operating System | Linux (recommended), macOS, Windows |
| Rust | 1.70+ (required for compilation) |
| TEE Support | Optional (when TEE functionality needed) |
Method 1: Pre-compiled Binary
# Linux
curl -L https://github.com/nearai/ironclaw/releases/latest/download/ironclaw-linux -o ironclaw
chmod +x ironclaw
./ironclaw
# macOS
curl -L https://github.com/nearai/ironclaw/releases/latest/download/ironclaw-macos -o ironclaw
chmod +x ironclaw
./ironclaw
# Windows (PowerShell)
curl.exe -L https://github.com/nearai/ironclaw/releases/latest/download/ironclaw-windows.exe -o ironclaw.exe
.\ironclaw.exeMethod 2: Source Compilation
# 1. Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# 2. Clone repository
git clone https://github.com/nearai/ironclaw
cd ironclaw
# 3. Build
cargo build --release
# 4. Run
./target/release/ironclawMethod 3: Docker Deployment
docker pull nearai/ironclaw:latest
docker run -d --name ironclaw \
-v ./config:/app/config \
-v ./data:/app/data \
--read-only \
--cap-drop=ALL \
nearai/ironclaw:latestTEE Configuration (Advanced)
# Intel SGX configuration
# 1. Install SGX driver
# 2. Configure SGX SDK
# 3. Create Enclave configuration
# ironclaw.toml
[tee]
enabled = true
provider = "sgx"
sgx_config = "/etc/sgx/config"Use Cases
🏦 Financial Services
Scenario: Banking, insurance, securities and other regulated industries
Security Requirements:
- Customer data protection
- Transaction record auditing
- Compliance requirements
- Insider threat prevention
IronClaw Solution:
Customer data processing:
├── TEE protects data processing
├── WASM sandbox isolates skills
├── Complete audit logs
└── Minimal privilege access🏥 Healthcare
Scenario: Hospitals, clinics, health technology companies
Compliance Requirements:
- HIPAA (USA)
- Personal Information Protection Law (China)
- GDPR (EU)
IronClaw Solution:
Medical record processing:
├── Encrypted storage
├── TEE processing
├── Access auditing
└── Permission control🏢 Enterprise Deployment
Scenario: Large enterprise knowledge management, office automation
Security Considerations:
- Trade secret protection
- Employee permission management
- Third-party skill risks
- Data leakage prevention
IronClaw Solution:
Enterprise knowledge base:
├── Department-level permission isolation
├── Skill whitelist
├── Operation auditing
└── Anomaly detection🔬 Research Institutions
Scenario: Research data processing, sensitive research
Security Requirements:
- Research data protection
- Collaborator access control
- Achievement confidentiality
System Requirements
| Component | Minimum Requirements | Recommended Configuration |
|---|---|---|
| CPU | 2 cores | 4 cores + TEE support |
| Memory | 512MB RAM | 2GB RAM |
| Storage | 50MB | 200MB |
| Operating System | Linux | Linux with TEE |
| TEE | Optional | Intel SGX/AMD SEV |
Comparison with Alternatives
| Feature | IronClaw | OpenClaw | NanoClaw | LocalClaw |
|---|---|---|---|---|
| Sandbox | ✅ WASM | ⚠️ Container | ✅ Container | ❌ |
| TEE | ✅ | ❌ | ❌ | ❌ |
| Zero-Trust | ✅ | ❌ | ⚠️ | ❌ |
| Auditing | ✅ Complete | ⚠️ Basic | ⚠️ Basic | ⚠️ Basic |
| Security Level | ⭐⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐ |
Pros and Cons Analysis
✅ Advantages
| Advantage | Description |
|---|---|
| WASM Sandbox | Skill-level isolation |
| TEE Support | Hardware-grade protection |
| Zero-Trust | Strictest security model |
| Complete Auditing | All operations traceable |
| Rust Implementation | Memory safety |
| NEAR Backing | Blockchain security expertise |
⚠️ Limitations
| Limitation | Description |
|---|---|
| Complexity | Setup and management are complex |
| TEE Hardware | Full security requires specific hardware |
| Small Ecosystem | Fewer skills and plugins |
| Performance Overhead | Sandbox and TEE have performance costs |
| Learning Curve | Requires security knowledge |
Pricing
IronClaw Software: Completely FREE (MIT License)
Potential Costs:
- TEE hardware (optional)
- Server/cloud hosting
- AI API fees
- Operations personnel
Community and Support
- GitHub: https://github.com/nearai/ironclaw
- Issue Feedback: https://github.com/nearai/ironclaw/issues
- Discussions: https://github.com/nearai/ironclaw/discussions
- NEAR AI: https://near.ai
- NEAR AI Blog: https://near.ai/blog
Sources
- NEAR AI Launches IronClaw
- Forbes: There's A New Claw In Town
- IronClaw: NEAR AI's Answer to the Trust Problem
- OpenClaw in Rust for Privacy and Security
License
MIT License - Free for personal and commercial use.
Summary
IronClaw is NEAR AI's high-security AI assistant, launched at NEARCON 2026:
- Rust-Based Security -- Built from scratch in Rust for memory safety
- WASM Sandbox -- Every tool runs in isolated WebAssembly containers
- Encrypted Vault -- Credentials isolated and never reach the AI model
- TEE Support -- Hardware-grade protection on NEAR AI Cloud
- Zero-Trust Architecture -- Strictest security model by design
- Complete Auditing -- All operations traceable and verifiable
- Open Source -- MIT license, fully auditable
- NEAR AI Backing -- Blockchain security expertise
Suitable For:
- ✅ Financial industry users
- ✅ Healthcare industry (HIPAA compliance)
- ✅ Enterprise security deployments
- ✅ Regulated industries
- ✅ High-security requirement scenarios
- ✅ Always-on AI agents with sensitive data access
- ✅ Users concerned about prompt injection attacks
Not Recommended For:
- ❌ Individual simple use
- ❌ Users without security expertise
- ❌ Pursuing simplest deployment
- ❌ Users prioritizing ease-of-use over security
Key Innovation: First AI agent runtime with cryptographic security at its core, designed specifically for the trust problem in always-on AI agents.
HiClaw
Alibaba's Matrix IM-based AI agent with Manager-Workers architecture. Higress AI gateway integration.
JoyAgent (JD Lingxi Claw)
JD Cloud AI agent platform for quickly building, publishing, and managing AI agent applications. Supports plugin system, knowledge base management, workflow orchestration.