Loading the catalogue…
Loading the catalogue…
NousResearch is a private, US-incorporated open-weights lab that publishes all Hermes model weights freely under Llama Community and MIT licences, with a deliberate design philosophy of reduced refusals and maximum user steerability — a posture that generates strong open-source community adoption but creates material EU AI Act compliance gaps and output-governance obligations for regulated-sector deployers. It is fully CLOUD Act and FISA §702 exposed with no EU legal entity, no published GDPR compliance posture, and a portal privacy policy that explicitly collects user conversation data for model training without identifying a lawful basis — compounding risks for any EU customer using the hosted Nous Portal or chat interface. Self-hosted deployment of Hermes weights (e.g. via Stav's EEA infrastructure) avoids most of these data-path risks, but EU operators must implement their own content-governance layer given the models' deliberately minimal built-in guardrails.
US-incorporated entity, fully exposed to CLOUD Act compulsion and FISA §702 orders. No EU legal entity, no EU data processing infrastructure, and no SCCs, adequacy decisions, or GDPR data transfer mechanisms published. EU regulated-sector customers face direct data sovereignty risk when using portal.nousresearch.com, Nous Chat, or any hosted API endpoint.
No EU AI Act compliance statement, no GPAI Code of Practice participation, and no structured GPAI transparency template published. GPAI obligations (Article 53) became enforceable 2 August 2025. NousResearch distributes Hermes models to EU users and operates a portal collecting EU user data; compliance with Article 53 transparency and copyright-policy obligations cannot be confirmed.
Portal privacy policy explicitly states user conversation data is collected and used to train models. No GDPR lawful basis stated, no data subject rights procedure described, no opt-out mechanism, no DPO named, no DPA offered. EU enterprise customers using the hosted portal API or Nous Chat may be transferring personal data to a US entity without adequate GDPR safeguards.
Hermes models are explicitly designed as minimal-guardrail. Hermes 4 scored 57.1% on RefusalBench; Hermes 4.3 scored 74.6% — complying with requests that mainstream aligned models refuse. EU regulated-sector deployers must implement their own output filtering and content governance controls, adding material compliance burden under the EU AI Act, the GDPR, and sector-specific regulations (MiFID II, MDR, etc.).
No SOC 2, ISO 27001, or equivalent security certification found. No formal bug bounty programme or responsible disclosure policy published. CVEs have been identified in the Hermes Agent software (CVE-2026-48710) and are patched reactively in release notes, but no coordinated disclosure programme exists.
The Psyche Network introduces blockchain-coordinated decentralised training on Solana with token-incentivised GPU contributors worldwide. Hermes 4.3 was trained this way. Training data integrity and contributor behaviour across geographically distributed GPU nodes are harder to audit than in a centralised lab; adversarial gradient injection is a theoretical supply-chain risk not present in conventional AI labs.
Hermes 4.3 is built on ByteDance's Seed 36B base model. ByteDance is subject to PRC law and potentially national-security-driven data and IP obligations. EU enterprises deploying Hermes 4.3 should independently assess the ByteDance Seed licence terms and geopolitical supply-chain risk.
Hermes 3/4 fine-tunes are based on Meta Llama and subject to the Meta Llama Community Licence, which prohibits training competing foundation models and imposes a >700M MAU commercial threshold. EU enterprises fine-tuning or redistributing Hermes weights should verify licence compliance for their specific deployment.
Stav AI Act assessment
Editorial assessment, not legal advice. Stav's risk ratings, scores, and verdicts are our own analysis of publicly available information and may be incomplete or out of date. Verify independently before making compliance or procurement decisions.
Published a 94-page Hermes 4 Technical Report (arXiv:2508.18255) with full training data composition, benchmark methodology, actual model outputs, and evaluation details — VentureBeat noted it sets a high standard for benchmarking transparency among open-source labs.
All Hermes model weights are released publicly on HuggingFace under open licences, enabling independent evaluation, red-teaming, and fine-tuning. EU deployers can self-host inference in sovereign EEA infrastructure without any data touching NousResearch's servers.
Hermes Agent (MIT licence, self-hosted) has an explicit zero-telemetry, local-only architecture. Hermes Desktop documentation describes container hardening, read-only root filesystems, dropped capabilities, namespace isolation, and a pre-execution scanner for terminal commands.
Exceptional open-source community traction: Hermes Agent reached 95,000+ GitHub stars within 7 weeks of launch (February 2026); v0.15.0 shipped May 2026 with 321 community contributors; cumulative Hermes downloads exceeded 55M. Breadth of adoption provides robust community-based security scrutiny.
Published peer-reviewed and arXiv research including DeMo (Decoupled Momentum Optimization, co-authored with Diederik P. Kingma, co-inventor of Adam optimizer), DisTrO, Hermes 3 Technical Report, and Atropos RL framework — demonstrating genuine technical depth beyond model releases.
Actively scaling with no layoffs, leadership changes, or wind-down signals. Hermes Agent featured by Jensen Huang at NVIDIA GTC Taipei 2026 keynote alongside RTX Spark launch; confirmed by official NVIDIA press release as an integrated Windows AI agent. Two-week release cadence sustained throughout 2026.
Privacy policy review
Creator profile
We are dedicated to advancing the field of natural language processing, in collaboration with the open-source community, through bleeding-edge research and a commitment to symbiotic development.
Stav editorial summary
NousResearch is a United States entity. Training data and weights produced under United States-jurisdiction are covered by the CLOUD Act.
Exposed on training. Inference is unaffected when hosted on Stav infrastructure inside the EEA.
Stav compliance has not yet scored NousResearch. Scores are published once the policy review and infrastructure assessment complete.
Release Date: June 5, 2026 Since v0.15.2: 874 commits · 542 merged PRs · 1,962 files changed · 205,216 insertions · 46,217 deletions · 399 issues clos...
Hermes Desktop by Nous Research is the native desktop app version of Hermes Agent, first demoed by Jensen Huang at the NVIDIA GTC keynote and now in p...
This robust security and privacy layer is being adopted by leading agent developers such as Hermes Agent and OpenClaw in their new Windows apps.
Founded in 2023 by CEO Jeffrey Quesnelle, Head of Behavior Karan Malhotra, Head of Post Training "Teknium" and Shivani Mitra, Nous Research is an open...
Unlike models from OpenAI, Google, or Anthropic, Hermes 4 is designed to respond to nearly any request without the safety guardrails that have become ...
NousResearch publicly warned against unofficial 'NOUS' tokens on Solana DEXes (April 2026), demonstrating a baseline level of governance transparency and willingness to protect potential users from fraud even absent formal compliance infrastructure.
Published safeguards & certifications
Hermes 4 leads RefusalBench in reasoning mode at 57.1%, indicating far fewer refusals than many frontier models, with the benchmark using conditional ...
It was released August 25, 2025 and is built on ByteDance's Seed 36B base model. The notable departure from prior Hermes releases: Hermes 4.3 was trai...
Quote · Nous Research · @NousResearch · · · Jun 1 · We have been working closely with @nvidia to ensure Hermes Agent works smoothly on their new @NVID...
See the Hermes 4 collection to explore them all: https://huggingface.co/collections/NousResearch/hermes-4-collection-68a731bfd452e20816725728 · @misc{...