Conversation
Highlights

How OpenHands Got Inside Major Banks Before Their Competitors Finished the Security Review

The Devin demo changed everything.

In early 2024, Cognition released a video showing their AI agent autonomously completing software engineering tasks end-to-end. The developer community watched it go viral with a mixture of excitement and unease — a powerful technology was being built behind closed doors, by a company nobody had heard of, with no avenue for the engineering community to shape how it evolved.

Robert Brennan, Co-Founder and CEO of OpenHands, watched the same video and moved the next day.

“The development community needs a way to contribute to this change,” Robert said in a recent episode of BUILDERS. “If our jobs are going to be changing this drastically, we need a say in how that change happens.”

He and his co-founders launched an open source alternative called Open Devon within 24 hours. It was renamed OpenHands once they decided to commercialize — but the sequence matters: community first, company second. That order of operations became the structural foundation for everything that followed, including how they acquire customers today.

The Procurement Wedge Nobody Planned For

OpenHands wasn’t designed with regulated industries as the target. Banks, insurance companies, and healthcare organizations showed up on their own — and faster than any outbound motion could have produced.

The reason is structural, not relational. Closed-source AI vendors face a full procurement gauntlet at regulated companies: security reviews, legal sign-offs, vendor onboarding processes that routinely run twelve months or longer. Open source sidesteps most of it. Engineers at major financial institutions carry blanket approval to bring open source software in-house, provided they follow an established internal rulebook. No sales call. No security team sign-off. No waiting.

“We got our foot in the door at a bunch of large banks much faster than any of the vendors could,” Robert said, “because they didn’t need to talk to a salesperson, they didn’t need to talk to their security team.”

OpenHands was running active conversations inside major banks before competitors had cleared procurement. That signal — who was adopting fastest and why — defined the ICP. Not from a planning session, but from watching the market reveal a pattern and committing to it hard.

The fit ran deeper than speed. One large US bank stated it plainly: they would not consider a closed-source solution. They needed to look under the hood, understand what the system was doing, and run everything inside their own infrastructure. Data sovereignty, air-gapped deployment, on-premise language models — these weren’t preferences. They were the criteria that determined whether a vendor got evaluated at all. OpenHands, as open source, cleared that bar before the first conversation.

A Year-Long POC. Closed in Six Weeks.

Commercial traction exposed the problem most founder-led sales teams eventually hit: motion without structure.

OpenHands had been running a proof of concept with a major US bank for nearly a year. Engineers were using the software. Conversations were ongoing. Nothing was closing. As Robert described it: “We were just kind of giving them the software and saying, do you like it? Do you want to sign? Are you ready yet? Oh, you’re not ready yet? Okay, we’ll keep giving it to you for free.”

When their CRO joined, he applied a different framework to the same account. He defined success criteria before the work continued, structured a path to close, and made the conditions explicit: once they proved X, Y, and Z, the customer would buy. Six weeks later, the deal was signed.

That same discipline restructured how OpenHands handles every enterprise engagement. Their CRO built a four-bucket qualification framework mapping prospects on two axes: company size and AI maturity. Small, low-maturity companies get redirected to the open source project — no sales call scheduled. High-maturity companies, regardless of size, get prioritized and moved fast.

The genuinely difficult bucket is large enterprises with low AI maturity. The contract potential is significant, but without guardrails these accounts absorb unlimited founder time. OpenHands’ response: structured POCs with a defined menu of paths, explicit success criteria, and a hard 30-to-60-day cutoff. After that, the prospect takes it or walks away.

Maturity itself gets assessed through specific signals. The clearest one: whether the company has a dedicated developer productivity or AI-for-developers team — and whether that team, not a general engineering manager, is the one on the call. “The most mature companies have an AI team for developers,” Robert explained. “If we’re working with one of those teams, we know we’re in a high maturity organization.”

The Pipeline That Runs Without a Sales Team

Most of OpenHands’ pipeline intelligence builds itself, through three distinct layers.

GitHub interactions surface which companies have engineers actively engaging with the repo — filing issues, opening pull requests, asking questions. These are the warmest signals possible: people already using the software, already invested enough to interact publicly.

Slack membership maps who has crossed from passive awareness into active community participation. And documentation traffic — tracked by IP address — reveals which organizations have significant engineering attention pointed at the platform before any commercial conversation has started.

“We can see what companies are in our docs based on their IP address,” Robert explained. “There’s 50 developers at this particular company who are all looking at our docs… we can start to zero in there.”

The compounding asset underneath all of it is contributor ownership. When an engineer gets a pull request merged into the project, something shifts. “Once somebody gets their code merged into the project, they’re bought into it, they now feel a sense of ownership,” Robert said. “They’re going to be a champion for you for a very long time.”

That dynamic — contribution creating advocacy, advocacy driving the next engineer at the same company into the funnel — is what makes the open source community self-reinforcing as a pipeline source. It also creates the central operational tension Robert is direct about: as paying customers scale up, the gravitational pull is to focus entirely on them. Resisting that pull, keeping the PR queue moving, maintaining response quality on issues — that’s what keeps the top of the funnel alive.

The Commercial Line That Makes All of It Work

None of the above functions without one foundational decision made at the start: a hard, public, permanent line between what stays open source and what requires payment.

For OpenHands, everything goes into the open source — including research. The commercial trigger is cloud scale and integrations with work tooling: Slack, Jira, Linear. Individual developers can run the latest agentic technology on their laptops for free, indefinitely. Teams that want to scale into the cloud and connect their existing workflows start paying.

That clarity does two things simultaneously. It gives the community certainty — they know exactly what they can rely on in perpetuity, which is why trust compounds over time rather than eroding. And it creates a natural, structurally obvious upsell: any team that gets value from the open source and wants to scale will eventually cross the commercial line on their own.

The cautionary examples are well-documented. Docker created genuinely world-changing technology and captured only a fraction of the value. Other companies changed their licenses under commercial pressure and burned the communities that built their distribution. Robert’s team set the line at founding and has held it. The community, as a result, remains the engine.