惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

人人都是产品经理
人人都是产品经理
MyScale Blog
MyScale Blog
Y
Y Combinator Blog
罗磊的独立博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
Google DeepMind News
Google DeepMind News
V
Vulnerabilities – Threatpost
T
The Blog of Author Tim Ferriss
云风的 BLOG
云风的 BLOG
Recorded Future
Recorded Future
N
News and Events Feed by Topic
B
Blog RSS Feed
阮一峰的网络日志
阮一峰的网络日志
博客园_首页
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 【当耐特】
N
Netflix TechBlog - Medium
博客园 - 叶小钗
B
Blog
Vercel News
Vercel News
T
Tenable Blog
T
The Exploit Database - CXSecurity.com
Spread Privacy
Spread Privacy
T
Threat Research - Cisco Blogs
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Last Week in AI
Last Week in AI
F
Fortinet All Blogs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Microsoft Security Blog
Microsoft Security Blog
S
Securelist
Microsoft Azure Blog
Microsoft Azure Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
P
Palo Alto Networks Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
D
DataBreaches.Net
Cyberwarzone
Cyberwarzone
Engineering at Meta
Engineering at Meta
Martin Fowler
Martin Fowler
G
GRAHAM CLULEY
Project Zero
Project Zero
Cisco Talos Blog
Cisco Talos Blog
A
Arctic Wolf
C
CERT Recently Published Vulnerability Notes
L
LangChain Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
Check Point Blog
A
About on SuperTechFans
W
WeLiveSecurity
The GitHub Blog
The GitHub Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
I found the r/openclaw thread with 27 upvotes where someone gave an agent a real iPhone and now I can’t stop thinking about it
Lars Winstand · 2026-05-28 · via DEV Community

A few days ago I found this r/openclaw post: “I gave my agent my actual iphone..”

It had 27 upvotes and 16 comments.

That low number is exactly why I clicked.

The most interesting agent ideas usually show up before they get polished into a launch video. One builder does something slightly cursed, a few other builders pile into the comments, and suddenly you can see where the category is heading.

This thread felt like that.

The poster said they weren’t using a simulator. Not a browser pretending to be a phone. A real iPhone. They said the agent could access it “entirely,” and later explained it was an “Appium type layer” that was “pretty hacky.”

That one detail matters more than the headline.

Because if you’re building agents, the next battleground probably isn’t just browser automation. It’s persistent mobile identity: a real phone number, a real app session, a real logged-in device that keeps state across days.

And once you think about it that way, this stops sounding like a gimmick.

The interesting part: this is standard mobile automation, not magic

When the poster said “Appium type layer,” the whole thing became more believable.

If you’ve done mobile automation before, this is the obvious primitive.

capabilities = {
  "platformName": "iOS",
  "appium:automationName": "XCUITest",
  "appium:deviceName": "iPhone",
  "appium:platformVersion": "16.0"
}

# Real devices often also need:
# "appium:udid": "<device-udid>"

That is not some mysterious AI-native stack. It is just mobile automation plus an agent loop on top.

Which is also why it is fragile.

If your agent is driving a real iPhone UI, you are always one step away from:

  • a Face ID prompt
  • a permissions modal
  • a weird animation state
  • a stale screen read
  • a tap landing on the wrong element

So yes, this is hacky.

But browser agents were hacky too. Early RPA was hacky. Selenium was hacky. “Hacky” is often just the first version of something people will absolutely want once the tooling gets better.

What would you actually use an agent iPhone for?

This is where the thread got smarter than the title.

The poster said they were testing:

  • drafting iMessages with approval
  • running iOS Shortcuts
  • using apps that do not have APIs
  • mobile app QA/testing

That is a solid list.

Not because “AI on a phone” is novel. That framing is too shallow.

The real use case is giving an agent a durable mobile identity.

That means:

  • a real phone number
  • a real iMessage account
  • persistent app sessions
  • a device that stays logged in
  • continuity across tasks over multiple days

That matters because a lot of ugly automation work still lives inside mobile-only apps.

Not everything has an API.

And even when an API exists, it often does not expose the exact workflow the human app does.

The best architecture is layered, not pure UI automation

If you are building this, the right move is not “automate the whole UI for everything.”

It is a layered stack:

  1. Use an API when the app has one
  2. Use iOS Shortcuts or App Intents when available
  3. Fall back to UI automation only when needed

That is the practical version.

Shortcuts are especially interesting here because they can become the bridge between clean integrations and messy UI control.

If the app exposes a Shortcut action, let the agent call that.

If it does not, let the agent drive the screen.

That hybrid model is much better than pretending every task deserves full visual control.

The skeptic take is right, but incomplete

The obvious objection is: why automate a phone UI when you could just build a proper integration?

Fair point.

If the app already has a stable API, use the API.

If it exposes a Shortcut action, use that.

Driving the entire iPhone UI to do something that could have been one HTTP request is slower, more brittle, and kind of ridiculous.

But the believers in that thread are also right about something more important:

A shocking amount of real work still hides behind mobile-only interfaces.

That includes:

  • iMessage workflows
  • consumer apps with no public API
  • field operations apps
  • scheduling apps
  • local business tools
  • apps where the login session itself is the valuable asset

That is why this resonated with OpenClaw users.

People building agents do not just want a bot that answers questions in Slack. They want systems that operate.

And operation means touching ugly surfaces.

Browsers are one ugly surface.

A real iPhone is another.

The cost problem gets worse on phones

One small comment in the thread stuck with me: the poster said they were using “flash 3.5” and that it worked well enough.

That is the tell.

They are already separating the control layer from the model layer.

That is exactly what you want.

Because once an agent is driving a phone, cost can spike fast.

A single retry might mean:

  1. capture another screenshot
  2. run another vision pass
  3. plan the next action
  4. propose the action
  5. wait for approval
  6. retry after a load spinner or modal

Do that over and over in a long-lived session and per-token billing starts looking terrible.

This is where a lot of agent demos quietly fall apart in production. The task itself is not expensive. The repeated thinking around the task is.

If you are paying per token, every loop hurts.

If you are running agents in n8n, Make, Zapier, OpenClaw, or custom workflows, this gets even uglier because the agent is rarely doing one clean request. It is bouncing through retries, checks, tool calls, and approval steps.

That is why model routing matters.

Use a cheaper model for routine perception and planning.

Escalate to stronger models only when the task is ambiguous, high-stakes, or approval-gated.

And if your workload is continuous, flat-rate compute becomes much more attractive than metered token billing.

That is the practical reason I think products like Standard Compute are relevant here. If you are building long-running agents, especially agents that loop through mobile UI states, unlimited compute at a predictable monthly price is a much saner fit than watching token spend every time the agent stares at a loading spinner.

A practical routing pattern for phone agents

This is the kind of split I would use:

Task type Model strategy
Basic screen understanding Cheap fast model
Repeated UI retries Cheap fast model
Sensitive actions like send/book/buy Strong model plus approval
Ambiguous flows or broken state recovery Strong model
Long-running automation at scale Flat-rate compute if possible

Pseudo-code version:

type Action = "tap" | "scroll" | "type" | "send" | "book" | "buy";

function pickModel(task: {
  action: Action;
  ambiguous: boolean;
  sensitive: boolean;
  retryCount: number;
}) {
  if (task.sensitive) return "strong-model";
  if (task.ambiguous) return "strong-model";
  if (task.retryCount > 3) return "strong-model";
  return "fast-cheap-model";
}

The point is simple: do not spend premium-model money on every tap.

If I were building this, I would start with guardrails

The scary part is not whether an agent can tap buttons.

The scary part is that a real iPhone can do real things.

A browser agent submitting the wrong form is annoying.

An iPhone agent sending the wrong iMessage, confirming the wrong booking, or touching the wrong payment flow is a different class of mistake.

So if you are serious about this, I think the minimum viable guardrails look like this:

  • approval before send/book/buy actions
  • full screenshot and action logs
  • persistent session IDs
  • replayable task traces
  • explicit allowlists for apps and contacts
  • fallback to human handoff when confidence drops

Something like:

const session = await phones.createSession({
  device: "iphone",
  region: "us",
  approvals: "sensitive-actions",
  allowedApps: ["Messages", "Shortcuts", "BookingApp"]
});

await agents.runTask({
  sessionId: session.id,
  goal: "Draft an iMessage confirming the new appointment time",
  approvalBefore: ["send", "book", "buy"],
  handoffOnLowConfidence: true
});

That is the grown-up version of the idea.

Not “my bot has my phone now.”

More like “the agent can operate inside a controlled mobile session with auditability.”

Build it yourself, use a device cloud, or use an agent-native layer?

The market here is splitting into three lanes.

Option What you actually get
DIY Appium on real iPhones Maximum flexibility, maximum operational pain
BrowserStack App Automate Massive real-device QA infrastructure, testing-first workflow
Browseblue-style agent layer Persistent phone identity, approvals, logs, and agent-oriented sessions

These are not the same thing.

BrowserStack is great if your main job is app testing.

A Browseblue-style system is more interesting if your job is giving an agent a durable mobile identity.

DIY is still valid if you need total control and are willing to own the mess.

If you want to experiment, keep it boring at first

If I were prototyping this next week, I would not start with autonomous texting or high-risk flows.

I would start here:

1. Pick one narrow workflow

Good examples:

  • open an app and read a status screen
  • draft an iMessage but do not send it
  • run a Shortcut and verify output
  • navigate a QA flow and capture screenshots

2. Add approvals early

Do not wait until later to bolt on safety.

Make “send,” “book,” and “buy” approval-gated from day one.

3. Separate orchestration from inference

Your agent loop should treat model calls as one component, not the whole architecture.

4. Log everything

At minimum:

session_id=iphone-123
timestamp=2026-05-27T10:15:00Z
action=tap
target="Messages compose button"
model="fast-cheap-model"
approval_required=false
screenshot="s3://.../step-14.png"

5. Watch your cost profile immediately

This part matters more than people expect.

If the workflow loops a lot, token-based pricing will show you exactly how expensive “just one more retry” becomes.

That is why teams running heavy automations often end up wanting a flat monthly bill instead of metered spend.

My actual takeaway from the thread

I do not think the headline idea is “agents can use phones now.”

That is too obvious.

The real idea is that agents are starting to need persistent identities in the places humans actually work.

Not just API keys.

Not just browser sessions.

Real phone numbers. Real app logins. Real saved state. Real approval history. Real continuity across days.

That is what makes the thread interesting.

The stack is hacky. The skeptics are right that UI automation is brittle. Native integrations are cleaner when available.

All true.

I still think this points at something real.

The next useful agents will not just answer in Slack or Discord.

They will:

  • open the iPhone-only app
  • keep the session alive
  • draft the iMessage
  • wait for approval
  • send from the right number
  • come back tomorrow still logged in

Messy? Absolutely.

But so was every important interface layer before it became normal.

And if that future shows up the way I think it will, the winners will not just have better agent loops.

They will have better cost control too.

Because once your agents move from chat to operation, especially on mobile, predictable compute stops being a nice-to-have and becomes part of the architecture.