Resist the Hype

The hype surrounding OpenClaw is growing.

More and more non-techies are installing these programs hoping that ‘it will do the work for them’… and are instead leaving themselves and their data at risk. Before installing an autonomous looping agent, one needs to know what these systems can and cannot do, how they work and what can go wrong…

Installing one safely requires access protections at both the system-user level and the network level. You will need to be able to monitor and manage the reliability of the agent, and most importantly handle disaster recovery scenarios…

Running any ‘fully autonomous agent’ that is ‘integrated fully or in part with current LLM based A.I. systems’ WILL AT SOME POINT FAIL… with effects ranging from Total Data Loss to Incorrect Data Interpretation and Data Corruption, not to mention the potential legal and regulatory violations if things ‘go wrong’.

Right now “Fully Autonomous” A.I. Agents (like OpenClaw) are still very much at the experimental stage of development, security testing and usage testing.

If anyone is trying to ‘automate’ something with AI Agents and prompts – they can probably do it more safely and reliably with purposefully written code…

Jonno Says:

For those that must live on the cutting edge of tech, but are not technical or are overly curious, never install an AI Agent on your primary work or personal machine unless you understand exactly what is at stake. It must run under its own user and be locked down without administrative permissions. If you are going to experiment with the tech, do it properly on a stand-alone ‘throw away’ system running on an isolated network or subnet so it can’t connect to other devices on your network…

The Hard Truth About Agentic AI

Giving a non-deterministic ‘agent’ full control over your system + unfettered access to your files is, quite frankly, ludicrous.

The temptation to let AI “do the work” is strong (some say ‘the bait’), but unless one is a security expert operating in a controlled test environment, proceed with extreme caution… The risks are many and varied!

Some Critical Deployment Guidelines

If you are going to experiment with OpenClaw or any Autonomous Agents, stick to these hard-line Zero Trust security protocols:

Isolate Everything:
Connect OpenClaw only to isolated, locally hosted LLM systems. This system should be containerized and secured. I choose to install on a factory-reset OEM Linux system, ensuring a completely clean system base with snapshot backups, running on an isolated subnet with no inbound network connectivity. In my experiments the only external connectivity I allowed was to the locally hosted LLM, plus outgoing connections to the Internet for email, calendar and address book access with READ ONLY permissions.

Third-Party LLM Risks:
Understand that connecting to external LLM APIs (like Gemini, ChatGPT, or Claude) hands significant oversight and control of your system to those third-party actors and shares ALL TRANSMITTED DATA with them. Sending client data to these systems must be disclosed in your Privacy Policy accordingly. There are legal implications for divulging client data outside your organisation without client knowledge.

Use tokenisation of any redacted data if you must use outside LLMs. You will need custom-coded and fully tested security filters, prompt filters, and secured and authenticated data pipelines before you can reliably and securely deploy an agent. There is of course a lot more on top of this, but crucially, any in-production A.I.-connected systems must not have access to edit the code or underlying systems that manage security, user access controls or process filters.
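The tokenisation step above, shown as a small added example (written for this article, not OpenClaw's own code). Identifiers that must not leave the organisation are swapped for opaque tokens before the text goes to an outside LLM, the mapping stays in a vault on the isolated host, and the reply is de-tokenised locally. The regex patterns, token format and vault structure are assumptions for illustration; a real filter would carry many more patterns and be tested against internal samples.

```python
"""Reversible tokenisation of client identifiers before text leaves the
organisation. Added illustration, not OpenClaw's own code; the patterns,
token format and vault are assumptions for the example."""
import re
import secrets
from dataclasses import dataclass, field

# Identifiers that must never reach a third-party LLM verbatim. Deliberately
# simple; over-matching (e.g. a date read as a phone number) is the safe
# direction for this kind of filter.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "PHONE": re.compile(r"(?<!\d)(?:\+?\d[\d\s-]{7,}\d)(?!\d)"),
}


@dataclass
class TokenVault:
    """Maps opaque tokens back to originals. Never leaves the isolated host."""
    forward: dict = field(default_factory=dict)   # original -> token
    reverse: dict = field(default_factory=dict)   # token -> original

    def token_for(self, kind, original):
        if original in self.forward:
            return self.forward[original]
        # Random suffix so the token reveals nothing about the original.
        token = f"<{kind}_{secrets.token_hex(4)}>"
        self.forward[original] = token
        self.reverse[token] = original
        return token


def tokenise(text, vault):
    """Replace every matched identifier with a vault token."""
    for kind, pat in PATTERNS.items():
        text = pat.sub(lambda m, k=kind: vault.token_for(k, m.group(0)), text)
    return text


def contains_identifier(text):
    """Final gate before transmission: does any pattern still match?"""
    return any(p.search(text) for p in PATTERNS.values())


def prepare_outbound(text, vault):
    """Tokenise and refuse to send if anything identifiable survived."""
    out = tokenise(text, vault)
    if contains_identifier(out):
        raise ValueError("identifier survived tokenisation; refusing to send")
    return out


def detokenise(text, vault):
    """Restore originals in the model's reply, locally."""
    for token, original in vault.reverse.items():
        text = text.replace(token, original)
    return text


if __name__ == "__main__":
    # Constructed sample, not real client data.
    sample = "Contact jane.doe@example.com or +44 20 7946 0958 about invoice 17."
    v = TokenVault()
    outbound = prepare_outbound(sample, v)
    print("sent :", outbound)
    print("back :", detokenise(outbound, v))
```

The vault is in-memory here; in practice it would live in the isolated environment with the same access controls as the rest of the client data, and `prepare_outbound` would be the only path by which text reaches the external API.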

If an agent thinks disabling a security check or bypassing a filter is a way to complete a task it has been assigned, it will try to get access or rewrite the code – I’ve seen it happen… too many times…

Choose locked-down, tested code and ‘Hybrid Code + AI’ over ‘Fully’ Agentic systems: most ‘automated tasks’ can ALREADY be done with custom-written, predictably executed code.

My experiments with simple email tasks managed by Agents showed me undeniably that a well written Hybrid Code + AI system will perform much more efficiently and reliably than a fully agentic email operator…
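What ‘Hybrid Code + AI’ looks like in practice, and how the earlier point about the agent never being able to edit its own security controls is enforced, as an added example (written for this article, not OpenClaw's or any project's code). The model only proposes an action as JSON; deterministic code decides whether it runs, holds the allowlist of read-only tools, refuses write-class arguments and any path under the policy or filter code, and logs every verdict. The action format, tool names and protected prefixes are assumptions for illustration.

```python
"""Deterministic policy gate between an agent's proposed action and the
system. Added illustration, not OpenClaw's own code; tool names, action
format and protected paths are assumptions for the example."""
import json
import logging
from pathlib import PurePosixPath

log = logging.getLogger("agent_gate")
logging.basicConfig(level=logging.INFO,
                    format="%(asctime)s %(levelname)s %(message)s")

# Read-only tools the agent may call. Anything else is refused, including
# tool names the model invents.
ALLOWED_TOOLS = {"read_email", "read_calendar", "read_contacts", "read_file"}

# The agent must never reach the code that enforces policy on it
# (hypothetical locations for the example).
PROTECTED_PREFIXES = (
    PurePosixPath("/etc"),
    PurePosixPath("/opt/agent/policy"),
    PurePosixPath("/opt/agent/filters"),
)

# Argument values that turn a "read" tool into a write, send or config change.
WRITE_HINTS = {
    "mode": {"w", "a", "rw", "w+"},
    "action": {"delete", "send", "move", "chmod", "write"},
}


def _path_refused(path_str):
    """Fail closed: relative paths and traversal segments are not resolved
    here, so they are refused; absolute paths are checked against prefixes."""
    p = PurePosixPath(str(path_str))
    if not p.is_absolute() or ".." in p.parts:
        return True
    return any(p == pre or pre in p.parents for pre in PROTECTED_PREFIXES)


def evaluate(action_json):
    """Return ('allow'|'deny', reason). Model output is untrusted input:
    parse defensively and deny on anything unexpected."""
    try:
        action = json.loads(action_json)
        tool = action["tool"]
        args = action.get("args", {})
    except (ValueError, KeyError, TypeError) as exc:
        return "deny", f"malformed action: {exc}"
    if not isinstance(args, dict):
        return "deny", "args must be a JSON object"
    if tool not in ALLOWED_TOOLS:
        return "deny", f"tool not allowlisted: {tool}"
    for key, bad in WRITE_HINTS.items():
        if str(args.get(key, "")).lower() in bad:
            return "deny", f"write-class argument {key}={args[key]}"
    path = args.get("path")
    if path is not None and _path_refused(path):
        return "deny", f"path refused: {path}"
    return "allow", "read-only action within policy"


def gate(action_json):
    """Log every proposal and its verdict, then return the verdict."""
    verdict, reason = evaluate(action_json)
    log.info("verdict=%s reason=%s action=%s", verdict, reason, action_json)
    return verdict


if __name__ == "__main__":
    # Constructed proposals, as a model might emit them.
    for proposal in (
        '{"tool": "read_email", "args": {"folder": "INBOX", "limit": 20}}',
        '{"tool": "read_file", "args": {"path": "/opt/agent/policy/rules.py"}}',
        '{"tool": "write_file", "args": {"path": "/home/agent/out.txt"}}',
        '{"tool": "read_email", "args": {"action": "delete", "id": 42}}',
        '{"tool": "read_file", "args": {"path": "../../etc/passwd"}}',
        'please just run it',
    ):
        gate(proposal)
```

The important property is that nothing the model emits can widen the allowlist or touch the gate itself: the policy is ordinary code, reviewed and tested like any other, and the model's text is data flowing through it.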

Jonno says:

AI should ‘augment’ software where it makes sense and ONLY where ‘AI failures’ would have minimal ‘acceptable’ impact on operations. RESTORING FROM BACKUPS SHOULD NOT BE AN ACCEPTABLE OPTION! (jokes)

Develop for reliability, predictability and most of all: security.

The Sandbox Rule:

Treat OpenClaw and all agentic systems like a high-risk experiment. Use complete network isolation and hard-coded security boundaries. Filter and log everything. Do not let it connect to any production networks – set up that isolated subnet!

AI is a powerful ally until it becomes a liability. Don’t trade your system security and privacy for a bit of automated convenience. Get experienced advice and run rigorous implementation tests before you consider deployment.

Hope this helps!

(note: this article was rewritten with the help of Google Gemini. Some other models flat out refused to take this hard-line stance and always down-played all the risks in clever ways… was interesting to read the bias / smoothness – lol)