Hacker News: vulnwrecker5000's comments

What worries me here is that the entire personal AI agent product category is built on the premise of "connect me to all your data + give me execution." At that point, the question isn't "did they patch this RCE," it's more about what a secure autonomous agent deployment even looks like when its main feature is broad authority over all of someone's connected data.

Is the only real answer sandboxing + zero trust + treating agents as hostile by default? Or is this category fundamentally incompatible with least privilege?

yikes


> “did they patch this RCE,”

no, they documented it

https://docs.openclaw.ai/gateway/security#node-execution-sys...


So that's shifting the responsibility to users. And likely many users don't understand what those words mean.

All these companies/projects break decades of our security practice and sell you an AI browser or an AI agent for... I don't know what?


"productivity and optimization of your life" i guess? lol

yeah fair, but “documented” isn’t really a mitigation... most people are gonna run defaults, so defaults basically are the security model imo

I'm not saying that "well we stated that our tool is designed as an RCE exploit" is, uh, better

haha fair "we've designed a fully exploitable agent and we can't wait to share it with the world" :')

We need more Windows' "Are you sure you want XXX to make changes to your computer? (no I can't tell you what changes, but trust me.)"

/i


haha yea “are you sure?” doesn’t work when the agent’s action space is huge and incredibly opaque

The true "AI" agent fan probably is sure, though.

maybe personal AI agents are just a massive psyop to get the massive population of true fans' data then lol - or we just get new security tools that can keep up with this pace of AI innovation. who knows

The "AI" agent suppliers need to up their security game. Until their products stop leaking PII/PCI data for free, they will never succeed in monetising it.

:)

