| ▲ | simonw 8 hours ago |
| The first company to deliver a truly secure Claw is going to make millions of dollars. I have no idea how anyone is going to do that. |
|
| ▲ | _pdp_ 8 hours ago |
| There are secure alternatives but they are not making millions of dollars. |
| |
| ▲ | simonw 8 hours ago |
| Which secure alternatives? I've not seen any yet. |
| ▲ | _pdp_ 8 hours ago |
| Connecting Telegram to an agent with a bunch of skills and access to an isolated compute environment is largely a solved problem. I don't want to advertise here, but there are plenty of solutions to spin this up, including what we have built. |
| ▲ | feznyng 7 hours ago |
| That isn't secure is the issue, the more things you have it hooked up to the more havoc it can cause. The environment being locked down doesn't help when you're giving it access to potentially destructive actions. And once you remove those actions, you've neutered it. |
| ▲ | _pdp_ 7 hours ago |
| The openclaw security model is the equivalent of running as root - i.e. full access. If that is insecure the inverse of it is running without any access as default and adding the things that you need. This is pretty much standard security 101. We don't need to reinvent the wheel. |
| ▲ | simonw 6 hours ago |
| The unsolved security challenge is how to give one of these agents access to private data while also enabling other features that could potentially leak data to an attacker (see the lethal trifecta.) That's the product people want - they want to use a Claw with the ability to execute arbitrary code and also give it access to their private data. |
|
| |
| ▲ | lemming 7 hours ago |
| But if it doesn’t have access to the network, then it’s just not very useful. And if it does, then it’s just a prompt injection away from exfiltrating your data, or doing something you didn’t expect (e.g. deleting all your emails). |
|
|
|
|
| ▲ | ares623 8 hours ago |
| That's easy. We just keep pumping these things and remind everyone that there are no real consequences (at least to the people who actually matter) and what was previously agreed as super important and critical will eventually turn out to no longer be super important or critical. Lethal trifecta solved. Who cares if your agent is forwarding private and confidential emails to random people, if everyone else is doing it too. Syndrome from the Incredibles movie won, and we helped make it happen. In fact, we made sure of it. |
|