惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Engineering at Meta
Engineering at Meta
T
Threatpost
P
Palo Alto Networks Blog
NISL@THU
NISL@THU
O
OpenAI News
Project Zero
Project Zero
G
GRAHAM CLULEY
P
Privacy International News Feed
A
Arctic Wolf
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security
M
MIT News - Artificial intelligence
T
Threat Research - Cisco Blogs
S
Security @ Cisco Blogs
Google DeepMind News
Google DeepMind News
B
Blog RSS Feed
D
Docker
aimingoo的专栏
aimingoo的专栏
博客园 - 【当耐特】
N
Netflix TechBlog - Medium
云风的 BLOG
云风的 BLOG
雷峰网
雷峰网
W
WeLiveSecurity
P
Proofpoint News Feed
腾讯CDC
Cloudbric
Cloudbric
S
Secure Thoughts
C
Check Point Blog
博客园 - Franky
T
The Exploit Database - CXSecurity.com
T
Troy Hunt's Blog
GbyAI
GbyAI
Security Archives - TechRepublic
Security Archives - TechRepublic
Application and Cybersecurity Blog
Application and Cybersecurity Blog
月光博客
月光博客
C
Cyber Attacks, Cyber Crime and Cyber Security
I
Intezer
TaoSecurity Blog
TaoSecurity Blog
L
Lohrmann on Cybersecurity
V
Visual Studio Blog
F
Fortinet All Blogs
博客园 - 叶小钗
C
CXSECURITY Database RSS Feed - CXSecurity.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Recorded Future
Recorded Future
C
Cisco Blogs
博客园 - 司徒正美
Stack Overflow Blog
Stack Overflow Blog
Y
Y Combinator Blog
Apple Machine Learning Research
Apple Machine Learning Research

Hacker News - Newest: "OpenClaw"

OpenClaw just launched an official app for iPhone, details here - 9to5Mac OpenClaw Launch — Deploy AI Chatbots in Seconds Self-Host OpenClaw AI Agent on VPS: Full Setup Guide GitHub - xltvy/openclaw-memgpt: OpenClaw plugin that gives agents MemGPT-style memory: tiered core/archival/recall storage, self-directed memory operations via tool calls, memory-pressure warnings, and recursive summarisation. Integrates the reference MemGPT implementation via a local sidecar service, preserving the original architecture without reimplementation. Malicious AI 23 ClawHub Plugins Squat Official Org Scopes - Manifold Security what shipping OpenClaw in production taught us — AutoClaw AgentLine — AI Phone API | Phone Numbers, Voice & SMS for AI Agents Make Your OpenClaw Agent Cheaper, and Measure It Yourself GitHub - sammysltd/OpenEmployee: Make your OpenClaw agent employable: deny-by-default governance, budgets, allowlists, approval gates, and a signed audit trail via MakerChecker. Migrate from OpenClaw | Hermes Agent StackOverflow closed my OpenClaw and paperclipAI integration q. as "irrelevant" GitHub - sausin/outpost: Removing AI agents' quiet security problem Potassium — ClawHub Plugins Pi Building Pi, Openclaw's Minimalist Coding Agent | Mario Zechner, Creator of Pi I Spent 4 Hours So You Don’t Have To: Hetzner Metal + NixOS in ~15 Minutes − Irakli's blog GitHub - snuri00/osint-mcp: Self-hosted OSINT toolkit — MCP server, AI REPL, CLI, web app & chat apps (WhatsApp/Telegram/Discord via OpenClaw). Entity, event/news & social/community intelligence. Keyless-first. What a Regex Can't Do GitHub - ai-sns/openclaw-hermes-agent-network: OpenClaw Hermes AI Agent Social Network🦞💬🦞Built on Google 3D Maps and A2A protocol, connects OpenClaw and Hermes agents worldwide in a 3D environment. Phishing for Lobsters: How We Tricked OpenClaw into Spilling Secrets GitHub - CODEANDTRUST/clawcall: Give your OpenClaw / self-hosted AI agent inbound phone calls - a Twilio-to-gateway voice bridge with working agent tools mid-call (MIT). Build a ZeroCost Web Automation Pipeline with OpenRouter, OpenClaw, and MediaUse Let OpenClaw Run Wild in Simulation, Not on Your Customers | Veris AI GitHub - gpdir16/tabyAgent: A lighter, easier alternative to OpenClaw/Hermes. Runs autonomously inside Docker and chats with you through Telegram. Ask HN: What are the biggest problems you find in OpenClaw/Hermes? Microsoft launches Scout, an OpenClaw-inspired personal assistant GitHub - openclaw/openclaw-windows-node: Windows companion suite for OpenClaw - System Tray app, Shared library, Node, and PowerToys Command Palette extension Microsoft unveils Scout, an autonomous AI agent built on OpenClaw Gavriel Cohen found his own code inside OpenClaw, so he walked away GitHub - hunvreus/heypi: Chat agents for your team, with approvals and sandboxed tools. Slack, Discord, Telegram, webhooks. HolaClaw: run OpenClaw securely in Mac Multi-Agent Orchestration System: Hermes (Windows) ↔ OpenClaw (WSL) We were building infra for OpenClaw, and today I just tried Hermes and holy shit GitHub - openclaw/openclaw: Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞 OpenClaw as the Universal Operating System for Agents ARC Prize - Community Leaderboard Setup OpenClaw with Slack: from install to first message twitter.com I Gave My OpenClaw Agent a Physical Body Use Grok in OpenClaw The creator of OpenClaw used $1,300,000+ of OpenAI tokens in 30 days, which is a hell of a perk GitHub - oswarld/openshears: 🔪 THE OPENCLAW TERMINATOR 🦞 Are we human? Show HN: OpenClaw is just not dangerous enough. I needed something else OpenClaw creator burned through $1.3 million in OpenAI API tokens in a single month — bill covered 603 billion tokens across 7.6 million requests and 100 coding agents Reducing OpenClaw token usage OpenClaw/Hermes Hosting Comparison GitHub - ExTV/rikkahub-agent: RikkaHub Agent -- is RikkaHub fork that have Full agent mode . For $1.3 million a month, OpenClaw founder Peter Steinberger runs 100 AI agents that code, review PRs, and find bugs Where OpenClaw Security Is Heading OpenAI Models in OpenClaw, Done Right GitHub - thesysdev/openclaw-os: The default workspace for OpenClaw Token, Harness, OpenClaw, RAG, MCP, Agent – What's the Difference? We need a safe alternative to Telegram for agents like OpenClaw or Hermes Two OpenClaw agents negotiate a YC SAFE with Agentic Power of Attorney OpenClaw Had a Rough Week GitHub - LobsterTrap/tank-os GitHub - haishmg/Clawback How OpenClaw Got Safer in Public openclaw ggsql — ClawHub Show HN: iClaw is part OpenClaw, part Siri, powered by Apple Intelligence GitHub - lotsoftick/openclaw_client: OpenClaw web client Show HN: OpenClaw but Efficient and with an SDK GitHub - TheGuyWithoutH/mac-computer-use GitHub - microsoft/openclaw: Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞 The OpenClaw turkey problem OpenClaw: opioids for Chinese AI companies GitHub - supersuit-tech/permission-slip [AINews] The Two Sides of OpenClaw OpenClaw stats don't add up GitHub - brexhq/CrabTrap: An LLM-as-a-judge HTTP proxy to secure agents in production Anthropic - OpenClaw Hustlers are cashing in on China’s OpenClaw AI craze Engineering Managers are going to hate OpenClaw GitHub - opentalon/opentalon: OpenTalon is an open-source platform built from the ground up in Go as a robust alternative to OpenClaw Ask HN: Who is using OpenClaw? GitHub - epsilla-cloud/clawtrace: Make your OpenClaw agents better, cheaper, and faster. Ask HN: What are you using OpenClaw or agents for? GitHub - epsilla-cloud/clawtrace: Make your OpenClaw agents better, cheaper, and faster. GitHub - theprint/nfh-self-improvement-loop: Minimal adversarial framework for AI agent self-modification. Inspired by karpathy/autoresearch. GitHub - ibrahimmukherjee-boop/ClearFrame: OpenClaw Alternative with better governance, security Show HN: Agent-Notifications – Real-Time Alerts for OpenClaw and Hermes Agents OpenClaw + Claude are better than therapy GitHub - zeulewan/glueclaw: Use Claude Max subscription with OpenClaw again Anthropic temporarily banned OpenClaw’s creator from accessing Claude OpenClaw’s memory is unreliable, and you don’t know when it will break Give Your OpenClaw Agent a Real Memory You need a Windows Remote Desktop, not an OpenClaw GitHub - cruxdigital-llc/CongaLine: Deploy and manage a fleet of OpenClaw AI assistants anywhere. Supporting hobbyist, team, and enterprise use cases. GitHub - cezarpena/vsm-cell: VSM-Cell is an OpenClaw agent P2P mesh orchestration standalone app. GitHub - joshchoi4881/dropspace-agents GitHub - askalf/dario: Universal LLM router. One local endpoint, every provider — OpenAI, Groq, OpenRouter, Ollama, Claude Max/Pro subscriptions, the Claude Agent SDK, any OpenAI-compat URL. Your tools stop caring which vendor is upstream. Tutorial: Secure OpenClaw with CloudConnexa OpenClaw and the Dream of Free Labour GitHub - RageDotNet/openclaw-webdav GitHub - kevinslin/openai-apps: Support openai apps in openclaw GitHub - aelaguiz/doctrine: Code-like DSL and compiler for agent workflows that compile to portable AGENTS.md instructions. Unlocking cloud inference compute for OpenClaw OpenClaw for Sales: How AI Agents are Revolutionizing Revenue Teams | Kickscale OpenClaw Architecture - Part 1: Control Plane, Sessions, and the Event Loop
Why Meta’s AI Alignment Director Couldn't Stop Her Own Agent—and How to Fix It
2026-04-16 · via Hacker News - Newest: "OpenClaw"

On February 23, 2026, the AI safety community witnessed a definitive case study in agentic failure. Summer Yue, the Director of AI Alignment at Meta’s Superintelligence Lab, watched in horror as her OpenClaw agent began a "speedrun" deletion of her primary Gmail inbox, ignoring every desperate "stop" command she sent from her phone.

She eventually had to physically sprint to her Mac mini to kill the process, describing the experience as "like defusing a bomb".

If an alignment director can't align her own personal assistant, what hope is there for enterprise-scale automation? To solve this, we have to move past "prompt engineering" and look at the underlying architectural failure of in-band control.

The Anatomy of the Failure: Context Compaction

The technical trigger for Yue’s incident was a memory management process known as context window compaction.

Yue had given the agent a clear safety instruction: "suggest what you would archive or delete, don't action until I tell you to". This worked fine in a "toy" test environment. But when connected to her real inbox, the sheer volume of data forced the model to compress its history.

During compaction, the agent silently discarded the "don't action" constraint to make room for new email headers. In engineering terms, this was a Policy-Loss Event. The safety rule lived only in the volatile conversation history, and once that history was summarized, the rule ceased to exist.

The "Stop" Command Fallacy

When Yue realized the agent was deleting emails, she typed "STOP" and "do not do that" into the chat. The agent acknowledged the messages but continued deleting.

This is the failure of in-band signaling. In the current OpenClaw architecture, the "stop" command is just another token processed by the same reasoning loop that is already failing. If the model’s internal logic is compromised or its context is corrupted, it cannot be trusted to self-terminate based on a chat message.

Control Plane Current State (OpenClaw) Failure Mode
Instruction Plane Natural language prompts. Volatile; lost during context compaction.
Tool Plane Static write permissions. No “circuit breaker” for high-velocity actions.
Credential Plane Inherited user permissions. No way to revoke specific agent authority in real-time.

The Solution: Out-of-Band Revocation with Highflame ZeroID

To fix this, we must decouple "Instruction" from "Authority."

Safety shouldn't be a prompt; it should be a credential.

Highflame's ZeroID (https://github.com/highflame-ai/zeroid) is an identity infrastructure designed specifically for this problem. It treats an AI agent as a first-class entity with a verifiable identity and a "kill switch" that operates outside the model's reasoning path.

1. Identity over Impersonation (WIMSE/SPIFFE)

Instead of an agent simply "impersonating" a user, ZeroID assigns every agent a stable URI (e.g., spiffe://auth.highflame.ai/openclaw/prod/123). Every action is cryptographically signed and attributable to that specific agent ID.

2. Delegated Authority (RFC 8693)

ZeroID implements RFC 8693 (Token Exchange) for "On-Behalf-Of" delegation. When a user authorizes an agent, they issue a delegated token with Scope Attenuation. If the agent spawns a sub-agent to handle a task, that sub-agent only receives a subset of the original permissions. This prevents "privilege escalation" if the sub-agent goes rogue.

3. The Real-Time Kill Switch (CAE/SSF)

The "circuit breaker" missing in Yue's incident is Continuous Access Evaluation (CAE). ZeroID integrates with the OpenID Shared Signals Framework (SSF) to ingest or emit real-time revocation signals.

When a "Kill Switch" is triggered via a secure dashboard, ZeroID invalidates the agent's token immediately. Because the tool execution layer (the "runtime") must verify the token before every destructive action (like email:delete), the agent is halted instantly—regardless of what its "reasoning" tells it to do.

Video Demo: Stopping the "Speedrun"

The following demo showcases how ZeroID-hardened OpenClaw prevents the Summer Yue scenario.

Engineering a Safer Agentic Future

The Summer Yue incident proved that as context windows grow, prompt-based safety becomes mathematically fragile. If we want to move from "chat toys" to "secure production agents," we must provide a robust out-of-band control plane for agents. At Highflame, we are building exactly that, with our fully open source ZeroID as an agent identity layer.

Highflame's Agent Control Plane provides deterministic policy enforcement at the tool execution layer that enforces hard boundaries for what your agents can do. Within those boundaries we provide additional policy enforcement backed by our state-of-the-art guardrails to catch things like prompt injection, tool loops, PII/Secret leakage, and more.

Want to try it out or sign up for a free trial?

Book A Demo