5 comments

[ 2.8 ms ] story [ 25.6 ms ] thread
It is very sad that we are ignoring the lessons we learned about security twenty years ago just because we want new toys. We spent so much time making sure that user input could not change how a program runs and now we are doing the exact opposite. The video is right that the problem is not a bug in the code but a flaw in how the whole system thinks. We are building a house on sand.
TLDW: prompt injections exists, beware
I felt this firsthand while experimenting with Moltbot (Clawdbot). The power is impressive, but the configuration and security hardening took a huge amount of time, and I constantly felt like I was building on fragile assumptions.

During that process, I came across PAIO, and the contrast was interesting—especially the one-click integration and the BYOK architecture. Having privacy and credential control baked in from the start felt like a more practical approach for everyday users, not just engineers willing to maintain their own security stack.

It really highlights the broader point here: AI agents are powerful, but the foundations (security, trust, and architecture) matter just as much as the “new toys.”

I experienced this firsthand. I'm a full-stack dev with 12+ years of experience and even for me, security hardening OpenClaw on a VPS took hours — UFW, fail2ban, SSH key-only auth, disabling password login, configuring Docker isolation, setting up proper firewall rules. And I knew what I was doing.

The core problem the video highlights is real: OpenClaw gives an AI agent shell access, messaging access, and browser access. The default setup has none of the security guardrails you'd want. Most users either skip security entirely or make mistakes that leave them exposed.

After setting it up securely for myself and a few friends, I started automating the whole process — automated provisioning on Hetzner with Docker sandbox, UFW, fail2ban, SSH key auth pre-configured. Turned it into a small managed hosting service (runclaw.ai) because I kept seeing the same setup struggles everywhere.

The broader point stands though: the security model for AI agents with system access is fundamentally unsolved. Sandboxing helps. Proper infrastructure helps. But prompt injection and trust boundaries are architectural problems that no amount of hosting can fix.