Comment by darth_avocado

The security team at my company announced recently that OpenClaw was banned on any company device and could not be used with any company login. Later in an unrelated meeting a non technical executive said they were excited about their new Mac Mini they just bought for OpenClaw. When they were told it was banned they sort of laughed and said that obviously doesn't apply to them. No one said anything back. Why would they? This is an executive team that literally instructed the security team to weaken policies so it could be more accommodating of "this new world we live in."

Those people aren't the same. Those are two ideas that you heard from the internet, and you're imagining it's the same person talking.

Are you sure these are the same people and not new people that got hooked on hype?

Who are these developers that have both been "advocating for best practices" and also "seem to be completely abandoning all of them simply because it’s AI"? Can you point to a dozen blogs/Twitter profiles, or are you just inventing a fictitious "other" to attack?

They aren't. They're the ones who are resisting the all in thing on AI stuff. What you're seeing is over reactive trend followers.

> Really don’t understand why sane developers who for decades have been advocating for best practices when it comes to security and privacy seem to be completely abandoning all of them simply because it’s AI

The deep irony is that the email deletion victim is an "AI alignment specialist" at Meta, and she didn't consider this failure mode.

openclaw is the napster of itunes.

people who have been around long enough know that we're currently in the wild west of networked agentic systems. it's an exciting time to build and explore. (just like napster and early digital music.) eventually some big company will come along and pave the cow paths and make everything safe and secure. but the people who will actually deliver that are likely playing with openclaw (and openclaw-like systems) now.

Same "sane developers advocating for best practices" preached to the moon:

- Alexa (and other voice assistants) spy microphones in their homes;

- Internet connected:

    - locks;

    - door, bedroom, living room cameras;

    - lights, appliances and whatnot;

Giving full and unfettered control to their personal computer with all its accounts, apps, etc does not surprise me at all.

I wonder what anthropologists will write about us these days 100 years in the future. What is super creepy and super illegal to do for a physical individual, but is given a blank check from society to be done by tech corporations at unimaginable scale.

EDIT: also corporations (from my social bubble) are giving (almost) unfiltered access to their data from LLMs (and probably soon a control of that data through "Claw" trend), that would be instantly fireable offence for any employee.

Imagine giving enterprise access to some Joe-Claw from the street and allowing him to press any buttons he wants..

I agree with a lot of the siblings that it's probably not the same people. But for the overlap that probably does exists, I don't think "because it's AI" is their reasoning. If I were to guess, I'd say it's something closer to "exploring the potential of this new thing is worth the risk to me".

Lots of developers have been flippant for a long time when it comes to the security of the systems they use and violate best practices on a regular basis, often for convenience. Developer ≠ sensible with personal security.

There’s still sane people out there, I’m one of them, watching this gigantic trash heap ready to go up in flames. It’s not just OpenClaw either, it’s everything. Nobody is paying any attention and when it goes wrong it’s going to be an absolute catastrophe.

I'm enthusiastic about AI (it's gone from the 2nd most important thing to happen in my career to tied for first, with the Internet) and I am baffled by OpenClaw.

> why sane developers who for decades have been advocating for best practices when it comes to security and privacy seem to be completely abandoning all of them

I'm a sane developer. I do not trust AI at all. I built my own personal OpenClaw clone (long before it was even a thing) and ran controlled experiments inside a sandbox. My stack is Elixir, so this is pretty much easy. If an agent didn't actually respect your requirements, it's just as easy as running an iex command to kill that particular task.

In my experience, AI, be it any model - consistently disobeys direct commands. And worse, it consistently tried to cover up its tracks. For example, I will ask it to create a task within my backend. It will tell me it did - for no reason at all, even share me a task ID that never existed. And when asked why it lied, it would actually spin the task up and accuse me of not trusting it.

It doesn't matter which vendor, which model. This behaviour is repeatable across models and vendors. Now, why would I give something like this access to my entire personal and professional life?

To group me and others like me with the clowns doing this is an insult to me and others who have accumulated decades of experience and security best practices and who had nothing to do with OpenClaw.

> developers who for decades have been advocating for best practices when it comes to security and privacy seem to be completely abandoning all of them simply because it’s AI

Risk and reward. That balance, currently, seems tipped to favour risk taking. (Which in turn encompasses both boldness and recklessness.)

Was building a claw clone the other day when for debugging I added a bash shell. So I type arbitrary text into a Telegram bot and then it runs it as bash commands on my laptop.

Naturally I was horrified by what I had created.

But suddenly I realized, wait a minute... strictly this is less bad than what I had before, which is the same thing except piped through a LLM!

Funny how that works, subjectively...

(I have it, and all coding agents, running as my "agent" user, which can't touch my files. But I appear to be in the minority, especially on the discord, where it's popular to run it as the main admin user on Windows.)

As for what could go wrong, that is an interesting question. RCE aside, the agentic thing is its own weird security situation. Like people will run it sandboxed in Docker, but then hook it up to all their cloud accounts. Or let it remote control their browser for hours unattended...

https://xkcd.com/1200/

You must not say his name. If you say it, you will summon him.

Developers with and without devops experience.

This is The difference between technical and nontechnical audience

Relevant xkcd https://xkcd.com/2030/

Honestly it’s been a breath of fresh air to have most of the gatekeeping in software be removed.

Seems that it was by and large just people wanting to feel important, and holding onto their positions.

Apps need great security, but security can also get out of control. Apps need good abstractions and code hygiene but that too can get out of control.

I’ve fallen in love with programming all of again now that I’m not so tied down by perceived perfection.

It's greed.

The bar for working security at Meta doesn't seem that high

[dead]

"ever" is the key word. Like driving, we as humans will cede control, at some point, to AI.

> Why would you ever let a non deterministic program god level access to everything?

If they don't their jobs are going to get replaced by AI

Because security isn't the be-and-end-all, it has to serve the goals of the business and its customers.

Customers say that they want security with their mouths, but they say that they want features with their wallets. The best improvement to computer security you can make is turning the computer off, but this is clearly not what your (non-HN) customers want you to do.

AI has serious security risks (E.G. prompt injection), but it lets you deliver customer value a lot faster. Security doesn't matter if the competitors' technology is so much better that nobody is buying yours.