[ { "start": 0.18, "end": 4.08, "text": "So,\nOpen Claw or Clawed Bot as it used to be" }, { "start": 4.14, "end": 7.75, "text": "and Mold book,\nit's been some intense days on this" }, { "start": 7.78, "end": 11.72, "text": "We got a new AI hype and, of course,\nI also spent the" }, { "start": 11.76, "end": 15.64, "text": "last days trying to get as much as\npossible out of" }, { "start": 15.7, "end": 19.19, "text": "Open Claw, and I got some feelings\nand thoughts, and they" }, { "start": 19.36, "end": 23.3, "text": "differ from most of the other videos\nand posts" }, { "start": 23.86, "end": 27.72, "text": "I saw.\nBut let me start with a short story," }, { "start": 27.78, "end": 31.68, "text": "and I'm sure you can figure out the\nanalogy." }, { "start": 31.72, "end": 35.46, "text": "Imagine you are living in a town,\na village, and in that" }, { "start": 35.56, "end": 39.22, "text": "town,\nthere is that really friendly guy that" }, { "start": 39.5, "end": 42.68, "text": "eager and happy to help you with all kinds\nof" }, { "start": 42.74, "end": 46.7, "text": "tasks.\nHe does all the chores you don't want to" }, { "start": 46.74, "end": 50.7, "text": "at least he tries to.\nHe's happy to take your kids" }, { "start": 50.71, "end": 54.16, "text": "to school, to clean your house,\nclean your car, do the" }, { "start": 54.2, "end": 58.08, "text": "groceries for you, and you can lean back,\nrelax," }, { "start": 58.16, "end": 61.86, "text": "and let's say, um,\nin order to really help you, of" }, { "start": 61.96, "end": 65.72, "text": "course, that assistant,\nthat person needs broad" }, { "start": 66.0, "end": 69.18, "text": "permissions.\nYou need to give him the keys to your" }, { "start": 69.22, "end": 73.16, "text": "You need to give him the keys to your car\nso that he can clean" }, { "start": 73.18, "end": 76.3, "text": "it from the inside\nand do groceries with it." }, { "start": 76.38, "end": 79.92, "text": "You also, of course,\nneed to tell your kids to get into the" }, { "start": 79.98, "end": 83.87, "text": "car with him so that he can take them to\nschool, and so on" }, { "start": 83.94, "end": 87.52, "text": "and so forth. Now, there\nis a problem with that guy" }, { "start": 87.56, "end": 91.14, "text": "though. He's super friendly,\nbut he sometimes comes to weird" }, { "start": 91.24, "end": 95.0, "text": "conclusions. At least,\nyou can't rule out that he will" }, { "start": 95.14, "end": 98.96, "text": "come to weird conclusions.\nHe may conclude that" }, { "start": 99.0, "end": 102.98, "text": "the best way to get rid of all the dirt in\nyour house is to set" }, { "start": 103.0, "end": 106.8, "text": "it on fire. Unfortunately, he also is" }, { "start": 106.9, "end": 110.72, "text": "easily influenced by others, at least\nif they're a" }, { "start": 110.76, "end": 114.72, "text": "bit more deceptive about it. He can" }, { "start": 114.78, "end": 118.22, "text": "be influenced to maybe steal your car" }, { "start": 118.38, "end": 122.2, "text": "because that's better for society as a" }, { "start": 122.26, "end": 126.07, "text": "whole. Again, not guaranteed, not" }, { "start": 126.12, "end": 129.36, "text": "necessarily going to happen,\nbut absolutely possible." }, { "start": 129.419, "end": 133.36, "text": "You can't rule it out. And, therefore," }, { "start": 133.4, "end": 137.04, "text": "of course,\nyou unfortunately have to take away" }, { "start": 137.36, "end": 141.18, "text": "many of the permissions\nand much of the access you granted" }, { "start": 141.28, "end": 144.98, "text": "that guy because you can't entirely trust" }, { "start": 145.02, "end": 148.66, "text": "him, and the things that could happen\nare too" }, { "start": 149.08, "end": 152.54, "text": "bad for you to just live with them or" }, { "start": 152.549, "end": 155.13, "text": "accept them as a potential danger." }, { "start": 155.16, "end": 158.989, "text": "So unfortunately, of course,\nas you take away many of those permissions" }, { "start": 159.08, "end": 163.0, "text": "access rights, he gets less\nand less useful" }, { "start": 163.16, "end": 166.34, "text": "to you. And then there is another problem." }, { "start": 166.44, "end": 170.0, "text": "Even with broad permissions, you didn't" }, { "start": 170.16, "end": 173.82, "text": "get as much use out of him as you hoped" }, { "start": 173.84, "end": 177.7, "text": "to because the tasks you were promised he" }, { "start": 177.74, "end": 181.54, "text": "could do, he only sometimes did,\nand some of them he" }, { "start": 181.64, "end": 185.4, "text": "was not able to do at all\nor he forgot how to do" }, { "start": 185.44, "end": 189.32, "text": "something or did the same task differently\nevery time you" }, { "start": 189.46, "end": 193.04, "text": "asked him about it\nor needed a lot of input from your" }, { "start": 193.18, "end": 197.06, "text": "side. So ultimately, you're not convinced," }, { "start": 197.1, "end": 200.78, "text": "and that's been, you guessed it,\nmy experience with" }, { "start": 201.08, "end": 204.52, "text": "Open Claw, and believe me, I, I tried." }, { "start": 204.6, "end": 208.59, "text": "I read many good things.\nI heard many good things about it," }, { "start": 208.64, "end": 212.26, "text": "tried. I spun up my own VPS. By the way,\nuh, I didn't" }, { "start": 212.42, "end": 216.2, "text": "know, but you can actually also use VPS,\nuh," }, { "start": 216.22, "end": 219.44, "text": "providers other than Hostinger.\nNothing against Hostinger." }, { "start": 219.52, "end": 223.4, "text": "Uh, I just had a different feeling\nwhen I watched many of those videos," }, { "start": 223.74, "end": 227.64, "text": "but anyways. Uh, I spun up my own VPS and" }, { "start": 227.8, "end": 231.42, "text": "I installed Open Claw on it,\nand of course, you could also" }, { "start": 231.46, "end": 235.08, "text": "install it on, on your system. Um,\nthere is one single" }, { "start": 235.14, "end": 238.88, "text": "command you need to run and, uh,\nthen you're good to go, but" }, { "start": 238.96, "end": 242.46, "text": "personally, I would never install it on my" }, { "start": 242.48, "end": 246.4, "text": "MacBook even though I'm fully aware\nthat I would be able" }, { "start": 246.44, "end": 250.38, "text": "to get more out of it\nif I would install it there," }, { "start": 250.42, "end": 254.01, "text": "why I didn't install it there\nand why I would never install it there" }, { "start": 254.04, "end": 257.93, "text": "now, uh, later.\nSo I installed it on my VPS and I" }, { "start": 257.94, "end": 261.6, "text": "went through that onboarding flow,\nand I'm sure you saw that many times now" }, { "start": 261.64, "end": 265.22, "text": "already and you maybe already went through\nit on your own." }, { "start": 265.48, "end": 269.36, "text": "I linked it up to my ChatGPT Plus\nsubscription in the" }, { "start": 269.44, "end": 273.3, "text": "end. I set up my Telegram bot and I" }, { "start": 273.36, "end": 277.24, "text": "was ready to communicate with my bot in\nthe end, with my" }, { "start": 277.3, "end": 281.24, "text": "Open Claw bot. And then there I" }, { "start": 281.3, "end": 284.8, "text": "sat and had to think of things" }, { "start": 285.38, "end": 289.31, "text": "I wanted it to do for me. Now, of course,\nI've seen plenty of" }, { "start": 289.38, "end": 293.0, "text": "other posts and videos where people used\nit" }, { "start": 293.08, "end": 296.92, "text": "to have it build dashboards for them" }, { "start": 297.1, "end": 300.54, "text": "or do web research or find cheaper" }, { "start": 300.72, "end": 304.67, "text": "flights or even buy stuff, but" }, { "start": 304.9, "end": 308.469, "text": "I didn't feel like giving it access to my\ncredit card, and," }, { "start": 308.54, "end": 312.3, "text": "um, I, I'm not sure about you\nbut I typically don't fly" }, { "start": 312.34, "end": 315.6, "text": "three times a day, so, um,\nlooking for those flights" }, { "start": 315.68, "end": 319.58, "text": "myself, especially since there\nare flight comparison sites out there" }, { "start": 319.64, "end": 322.746, "text": "that find you the cheapest flight,\nwasn't....." }, { "start": 322.776, "end": 326.696, "text": "too difficult of a task for me\nand I genuinely enjoy the process" }, { "start": 326.756, "end": 330.076, "text": "of planning my trips. But, of course,\nthat may be different for everybody else." }, { "start": 330.096, "end": 333.976, "text": "Now, for research, I had the problem\nthat I'm super happy with the" }, { "start": 334.056, "end": 337.796, "text": "AI-powered research tools\nthat already exist, like the AI" }, { "start": 337.896, "end": 341.616, "text": "mode, uh, on google.com\nor Deep Research on" }, { "start": 341.696, "end": 344.416, "text": "Gemini or on ChatGPT. I use those a lot." }, { "start": 344.456, "end": 348.256, "text": "I find them really helpful so I didn't\nreally need my" }, { "start": 348.316, "end": 351.946, "text": "own bot for that that has a high" }, { "start": 352.096, "end": 354.236, "text": "chance of performing worse actually." }, { "start": 354.256, "end": 357.396, "text": "Now, I do get there\nare certain areas where it" }, { "start": 357.456, "end": 360.416, "text": "could be better than those other" }, { "start": 360.496, "end": 363.856, "text": "research, uh, bots or services. For" }, { "start": 363.956, "end": 367.736, "text": "example,\nif I would grant it access to my X" }, { "start": 367.816, "end": 371.556, "text": "say, um, I understand that it could,\nof course, do" }, { "start": 371.616, "end": 375.436, "text": "research in areas where you need to be\nlogged in or" }, { "start": 375.556, "end": 379.416, "text": "where my history matters. I,\nI fully get that," }, { "start": 379.496, "end": 383.456, "text": "um,\nso that's why I'm using SuperGrok for" }, { "start": 383.556, "end": 387.336, "text": "if I wanna research on X. But yeah,\nI get that if you" }, { "start": 387.396, "end": 390.916, "text": "give it broad permissions,\nif you allow it to log into your" }, { "start": 390.976, "end": 394.396, "text": "accounts, use your browser,\nmaybe run on your system, you" }, { "start": 394.476, "end": 397.976, "text": "can probably get a bit more out of it than\nI was" }, { "start": 398.096, "end": 401.496, "text": "able to get out of it.\nAnd maybe I'm just also not" }, { "start": 401.776, "end": 405.696, "text": "creative enough. And by the way,\njust to be very clear, and I" }, { "start": 405.716, "end": 409.556, "text": "think I have made\nthat clear in other videos too," }, { "start": 409.656, "end": 412.636, "text": "of AI, not just for research\nbut also for coding." }, { "start": 412.656, "end": 416.556, "text": "For example,\nI recently released an entire Claude Code" }, { "start": 416.596, "end": 420.556, "text": "I'm using Claude Code\nand all these other tools like Cursor for" }, { "start": 420.836, "end": 424.656, "text": "software. I think AI is a huge help" }, { "start": 424.736, "end": 428.556, "text": "there or can be a huge help there.\nSo that's not a general" }, { "start": 428.596, "end": 432.056, "text": "thing against AI.\nI just genuinely didn't find" }, { "start": 432.066, "end": 435.996, "text": "the amazing use cases for OpenClaire,\nespecially when not" }, { "start": 436.056, "end": 439.606, "text": "running it on my machine, and that is" }, { "start": 439.656, "end": 443.206, "text": "the main problem I actually have with it." }, { "start": 443.216, "end": 447.026, "text": "Because you could definitely say\nthat I'm just not creative enough or not" }, { "start": 447.076, "end": 450.666, "text": "open-minded enough to find the right use\ncases for it," }, { "start": 451.456, "end": 455.316, "text": "but security is a huge issue" }, { "start": 455.496, "end": 459.356, "text": "I have with OpenClaire.\nAnd I know there are people" }, { "start": 459.396, "end": 463.356, "text": "that will tell you\nthat they used it for weeks" }, { "start": 463.376, "end": 467.356, "text": "wrong or that this, uh, will all,\nof course, get" }, { "start": 467.396, "end": 470.856, "text": "better,\nand I will say the first argument" }, { "start": 471.096, "end": 475.056, "text": "wrong, um, well,\nthat's not the kind of argument" }, { "start": 475.096, "end": 478.756, "text": "that convinces me because just because\nnothing went wrong" }, { "start": 479.096, "end": 482.896, "text": "for you does not mean that nothing is" }, { "start": 482.936, "end": 486.336, "text": "going wrong in general and\nthat there wouldn't" }, { "start": 486.396, "end": 490.286, "text": "be huge security issues that" }, { "start": 490.396, "end": 494.336, "text": "can, of course,\nbe exploited by bad actors or" }, { "start": 494.376, "end": 497.976, "text": "that, of course,\nthings could simply go wrong because" }, { "start": 498.096, "end": 502.046, "text": "AI, large language models,\nis unpredictable." }, { "start": 502.076, "end": 505.806, "text": "Of course,\nthe chance for it erasing your hard drive" }, { "start": 505.836, "end": 509.616, "text": "extremely high. It's super low\nbut it's not zero" }, { "start": 509.676, "end": 513.656, "text": "and it will never be zero with large\nlanguage models" }, { "start": 513.696, "end": 517.546, "text": "without additional checks.\nThey can be unpredictable." }, { "start": 517.635, "end": 521.286, "text": "In addition,\nin the official security documentation of" }, { "start": 521.336, "end": 525.056, "text": "OpenClaire,\nthey are correctly stating that prompt" }, { "start": 525.176, "end": 528.976, "text": "injection is not solved. Of course, the" }, { "start": 529.076, "end": 532.596, "text": "latest models like GPT-5.2\nand so on got much" }, { "start": 532.776, "end": 536.576, "text": "better at protecting against prompt\ninjection." }, { "start": 536.596, "end": 540.396, "text": "They got much better at following\ninstructions," }, { "start": 540.496, "end": 544.066, "text": "on. But there is no 100% protection" }, { "start": 544.096, "end": 548.056, "text": "against, uh, prompt injection\nand the way large language models" }, { "start": 548.156, "end": 551.516, "text": "work, there never will be.\nSo prompt injection" }, { "start": 551.576, "end": 555.056, "text": "attacks can't be ruled out and, of course,\nthe" }, { "start": 555.536, "end": 558.696, "text": "more popular tools like OpenClaire get,\nthe more" }, { "start": 558.776, "end": 562.596, "text": "people that are running it,\nthe more it will be in the" }, { "start": 562.696, "end": 566.236, "text": "focus of bad actors. And there are various" }, { "start": 566.316, "end": 570.196, "text": "ways of injecting prompts into an active" }, { "start": 570.376, "end": 574.116, "text": "OpenClaire bot because you may think,\n\"Well, I'm the only one" }, { "start": 574.136, "end": 577.896, "text": "communicating with it.\nI have my Telegram bot set up and" }, { "start": 577.976, "end": 581.336, "text": "only I have access to\nthat so I'm safe.\" Well, think" }, { "start": 581.456, "end": 585.415, "text": "again. For example, there\nis this idea of skills" }, { "start": 585.456, "end": 589.206, "text": "with OpenClaire and you may already know\nskills from coding agents" }, { "start": 589.236, "end": 592.045, "text": "like Claude Code. The idea\nis kind of the same." }, { "start": 592.076, "end": 595.576, "text": "The idea is that you expose extra" }, { "start": 595.676, "end": 599.236, "text": "context in the end,\nan extra Markdown document, though" }, { "start": 599.276, "end": 602.976, "text": "potentially also coupled with executable\nscripts, uh," }, { "start": 602.986, "end": 605.736, "text": "to the agent to give it more capabilities." }, { "start": 605.776, "end": 609.766, "text": "So for example, to, uh,\ngive it some extra documentation on how" }, { "start": 609.856, "end": 613.246, "text": "to interact with Slack here in this\nexample." }, { "start": 613.246, "end": 616.956, "text": "And then as mentioned,\na skill can also come bundled up with some" }, { "start": 617.016, "end": 620.616, "text": "additional script\nwhich the AI agent can execute to" }, { "start": 620.656, "end": 624.636, "text": "efficiently do something like generate an\nimage or send a message to Slack" }, { "start": 624.676, "end": 628.306, "text": "or whatever it is Now the problem is that" }, { "start": 628.496, "end": 631.616, "text": "Claw Hub, the official skills hub for" }, { "start": 631.656, "end": 635.415, "text": "OpenClaire,\ninitially at least allowed everybody" }, { "start": 635.476, "end": 638.906, "text": "to submit skills. So it was pretty" }, { "start": 638.956, "end": 642.415, "text": "easy to run supply chain" }, { "start": 642.436, "end": 645.256, "text": "attacks which we saw from the npm" }, { "start": 645.396, "end": 648.996, "text": "ecosystem, uh, last year, uh,\ntotally unrelated to" }, { "start": 649.076, "end": 652.856, "text": "AI, which essentially means that, uh,\na bad" }, { "start": 652.936, "end": 656.915, "text": "actor can publish a skill\nthat tells the AI" }, { "start": 656.976, "end": 659.915, "text": "to do something bad and that\nis just a prompt injection." }, { "start": 659.956, "end": 663.836, "text": "So just by installing a malicious skill,\nyou could" }, { "start": 663.856, "end": 667.336, "text": "expose your agent to a prompt injection\nattack." }, { "start": 667.696, "end": 671.616, "text": "Now some fixes were implemented here so,\nuh, at" }, { "start": 671.636, "end": 675.596, "text": "the point of time where I'm recording\nthis," }, { "start": 675.696, "end": 678.556, "text": "so the security was vastly improved here." }, { "start": 678.576, "end": 682.436, "text": "But if we learned anything from the supply\nchain attacks on npm" }, { "start": 682.506, "end": 686.286, "text": "last year, it is\nthat we definitely can't rule out" }, { "start": 686.415, "end": 689.896, "text": "that this skills feature,\nthis hub can be used to" }, { "start": 689.936, "end": 692.93, "text": "inject, um, malicious instructions into..." }, { "start": 693.08, "end": 696.63, "text": "into the ecosystem and into your, uh,\nOpenClaw" }, { "start": 696.88, "end": 700.3, "text": "setup potentially.\nAnd that's not the only way of running" }, { "start": 700.34, "end": 704.27, "text": "attacks.\nIf your bot reaches out to the internet," }, { "start": 704.32, "end": 707.98, "text": "it most likely does, it will, of course,\nvisit websites or" }, { "start": 708.12, "end": 711.82, "text": "read content from websites. And there," }, { "start": 711.9, "end": 715.72, "text": "we also can have malicious websites\nthat trick the" }, { "start": 715.78, "end": 719.63, "text": "AI into following instructions, prompts,\nthat are" }, { "start": 719.66, "end": 723.36, "text": "embedded on that website.\nEvery piece of text" }, { "start": 723.7, "end": 727.36, "text": "your bot reads and processes is a" }, { "start": 727.64, "end": 731.36, "text": "prompt in the end,\nso every website it visits" }, { "start": 731.76, "end": 735.74, "text": "is a prompt, uh, or contains a prompt\nthat it" }, { "start": 735.82, "end": 739.7, "text": "can follow and execute.\nAnd then we got other potential sources as" }, { "start": 739.76, "end": 743.429, "text": "well like, for example, emails.\nIf you use your, uh," }, { "start": 743.6, "end": 747.32, "text": "bot to process incoming emails,\nevery email, of" }, { "start": 747.4, "end": 750.68, "text": "course, acts as a prompt. So prompt" }, { "start": 750.82, "end": 754.56, "text": "injection is a, a serious, huge risk\nand just" }, { "start": 754.58, "end": 758.12, "text": "because nothing went wrong for you ever,\ndoesn't mean" }, { "start": 758.46, "end": 762.28, "text": "things can't go wrong. Now you may,\nof course, say, \"Well," }, { "start": 762.42, "end": 766.34, "text": "I'm running my bot on a VPS.\" Or maybe" }, { "start": 766.4, "end": 770.06, "text": "you're using something like MaltWorker,\nwhich is in the end a" }, { "start": 770.12, "end": 773.77, "text": "pre-built blueprint or setup provided by" }, { "start": 773.88, "end": 777.68, "text": "Cloudflare,\nwhich uses various Cloudflare services for" }, { "start": 777.8, "end": 781.66, "text": "hosting and running, uh, OpenClaw,\nand you should be doing" }, { "start": 781.72, "end": 785.11, "text": "that. You should be doing that. Uh,\nyou should absolutely" }, { "start": 785.32, "end": 789.26, "text": "not run it on, on your system.\nAnd there also are" }, { "start": 789.46, "end": 793.3, "text": "features like sandboxing, so that\nis actually" }, { "start": 793.32, "end": 796.62, "text": "built into OpenClaw. They have a-\nan entire" }, { "start": 796.63, "end": 800.58, "text": "documentation article about sandboxing\nand how you can make sure" }, { "start": 800.62, "end": 804.54, "text": "your agents run in a sandbox,\nwhich essentially is a darker container," }, { "start": 804.62, "end": 807.08, "text": "so that the blast radius is reduced." }, { "start": 807.22, "end": 811.14, "text": "By the way, the documentation, it's a lot,\nbut it's" }, { "start": 811.28, "end": 815.25, "text": "not good. I spent hours, literally many,\nmany" }, { "start": 815.4, "end": 819.14, "text": "hours trying to secure my setup.\nAnd I'm sure it's all in" }, { "start": 819.18, "end": 822.319, "text": "there, and I saw the security article." }, { "start": 822.36, "end": 825.96, "text": "It's just so, so hard.\nAnd before you tell me that I should've" }, { "start": 826.08, "end": 829.72, "text": "asked my OpenClaw bot, I did a lot.\nIt sometimes" }, { "start": 829.78, "end": 832.9, "text": "worked, it sometimes didn't. It\nwas a lot of trial and error." }, { "start": 832.96, "end": 836.6, "text": "So yeah, the documentation and how" }, { "start": 836.7, "end": 840.5, "text": "hard it is to get useful information out\nof it is" }, { "start": 840.58, "end": 843.88, "text": "its own problem, but, of course, one\nthat can be fixed." }, { "start": 843.889, "end": 847.76, "text": "And I appreciate the fact\nthat at least the information" }, { "start": 847.8, "end": 851.66, "text": "here, just to be clear. But yeah,\nso sandboxing is" }, { "start": 851.8, "end": 855.76, "text": "built in and is available\nand allows you to" }, { "start": 856.16, "end": 859.58, "text": "reduce the blast radius, which is super" }, { "start": 859.62, "end": 863.5, "text": "important. Uh, because in the end," }, { "start": 863.58, "end": 866.949, "text": "due to the prompt injection, uh," }, { "start": 866.98, "end": 870.4, "text": "vulnerabilities that exist\nthat can't really be" }, { "start": 870.44, "end": 873.85, "text": "solved, reducing the blast radius is" }, { "start": 873.88, "end": 877.68, "text": "important. So, for example,\nif you use sandboxing," }, { "start": 877.82, "end": 881.7, "text": "overall setup on a VPS,\nthe worst thing that could happen" }, { "start": 881.8, "end": 885.68, "text": "is that, of course,\nthe stuff in the sandbox gets deleted" }, { "start": 885.76, "end": 889.63, "text": "or, depending on your setup,\nmaybe your entire VPS but not" }, { "start": 889.66, "end": 893.64, "text": "your system.\nThat's the reason why I would never run," }, { "start": 893.72, "end": 896.48, "text": "OpenClaw on, on my machine,\non my main machine." }, { "start": 896.62, "end": 900.48, "text": "I'm-\nI absolutely don't want it to erase files," }, { "start": 900.5, "end": 904.15, "text": "whatever, on my machine. So yeah,\nreducing the blast radius is" }, { "start": 904.18, "end": 908.12, "text": "important. Unfortunately, though,\nthat still doesn't protect you against the" }, { "start": 908.16, "end": 911.76, "text": "worst things that could happen because\nwith prompt injection" }, { "start": 911.8, "end": 915.54, "text": "attacks, of course,\nan attacker could try to delete files on" }, { "start": 915.58, "end": 919.56, "text": "system. But even worse than that,\nthey could steal stuff." }, { "start": 919.62, "end": 923.14, "text": "So data exfiltration" }, { "start": 923.26, "end": 926.24, "text": "is, in my opinion, a, a bigger problem" }, { "start": 926.68, "end": 930.0, "text": "than an attacker deleting files on your" }, { "start": 930.06, "end": 933.4, "text": "system. And data exfiltration is" }, { "start": 933.54, "end": 937.32, "text": "100% something that can happen or" }, { "start": 937.36, "end": 941.12, "text": "that can be the result of a prompt\ninjection attack because, of course, an" }, { "start": 941.18, "end": 945.03, "text": "attacker could get the AI to gather all\nthe secrets it knows," }, { "start": 945.12, "end": 949.1, "text": "all the passwords it knows,\nand it needs to know some passwords" }, { "start": 949.12, "end": 951.07, "text": "in order to use your email account." }, { "start": 951.1, "end": 954.73, "text": "Maybe it's-\nmaybe you gave it your credit card number," }, { "start": 954.859, "end": 958.22, "text": "access to various pieces of data and\nthat data could be" }, { "start": 958.26, "end": 962.09, "text": "collected due to a prompt injection attack\nand could" }, { "start": 962.12, "end": 965.71, "text": "be exfiltrated, and that is a, uh," }, { "start": 965.92, "end": 969.89, "text": "bigger, uh,\nrisk than it potentially deleting your" }, { "start": 969.92, "end": 972.33, "text": "hard drive if you set it up correctly." }, { "start": 972.34, "end": 974.22, "text": "Of course, it could also do other things." }, { "start": 974.24, "end": 978.2, "text": "It could turn your VPS into a, a bot" }, { "start": 978.52, "end": 982.44, "text": "for DDoS attacks, for example,\nso that's just" }, { "start": 982.5, "end": 986.22, "text": "one example. There\nis an endless amount of things" }, { "start": 986.26, "end": 990.07, "text": "course, but the main thing to take away\nis that through" }, { "start": 990.1, "end": 993.9, "text": "prompt injection attacks,\nattackers could take over" }, { "start": 994.08, "end": 996.34, "text": "your bot and, therefore, your machine." }, { "start": 996.36, "end": 999.49, "text": "They could get your bot to install\nmalicious software" }, { "start": 1000.06, "end": 1004.02, "text": "to tweak the system configuration\ndepending on the access rights it" }, { "start": 1004.04, "end": 1007.7, "text": "has, of course,\nand then they could potentially take over" }, { "start": 1007.8, "end": 1011.26, "text": "your VPS, your machine. These\nare the kind of things that could" }, { "start": 1011.34, "end": 1014.32, "text": "happen. So access rights are the" }, { "start": 1014.36, "end": 1018.32, "text": "important, uh, keyword here,\nand sandboxing is" }, { "start": 1018.4, "end": 1021.68, "text": "one crucial part in that.\nIt's not all though." }, { "start": 1021.76, "end": 1025.699, "text": "You can configure...... your OpenClaw" }, { "start": 1025.78, "end": 1029.52, "text": "bot such that it has to ask for approval\nwhen" }, { "start": 1029.599, "end": 1033.159, "text": "running in sandbox mode, at least,\nfor executing" }, { "start": 1033.28, "end": 1037.099, "text": "certain tasks. But\nthat kind of defeats the idea of" }, { "start": 1037.26, "end": 1041.099, "text": "having a bot that runs behind the scenes\nand does stuff whilst you are" }, { "start": 1041.109, "end": 1044.579, "text": "away because you all the time have to give\nit" }, { "start": 1044.599, "end": 1047.939, "text": "approval for all the kind of stuff it\nwants to do" }, { "start": 1047.98, "end": 1050.86, "text": "suddenly, and that, of course,\ngets super annoying." }, { "start": 1050.919, "end": 1054.899, "text": "So you just might not read anymore what\nit's asking approval for, you" }, { "start": 1054.939, "end": 1058.32, "text": "might always grant approval,\nand at some point," }, { "start": 1058.379, "end": 1061.879, "text": "just annoys you. Because again,\nit's not really useful if you have to" }, { "start": 1061.959, "end": 1065.379, "text": "manually approve everything.\nSo combine that," }, { "start": 1065.419, "end": 1069.219, "text": "combine these security issues and the fact" }, { "start": 1069.28, "end": 1072.8, "text": "that I did not find a way of running this" }, { "start": 1072.86, "end": 1076.419, "text": "securely in a way I would feel good with,\nwith the" }, { "start": 1076.5, "end": 1080.199, "text": "fact that I didn't really find those super\namazing" }, { "start": 1080.3, "end": 1083.8, "text": "use cases, combine these things\nand you end up with a" }, { "start": 1083.84, "end": 1087.139, "text": "situation where, uh,\nI'm just not using OpenClaw" }, { "start": 1087.219, "end": 1090.949, "text": "anymore. And of course,\nthat can be different for you" }, { "start": 1090.98, "end": 1094.56, "text": "people that were super excited, and yeah,\nit's possible that the" }, { "start": 1094.6, "end": 1098.31, "text": "future of personal AI-powered assistants\nlooks" }, { "start": 1098.31, "end": 1102.24, "text": "something like this. It's possible\nthat better security" }, { "start": 1102.28, "end": 1105.8, "text": "mechanisms can be introduced and can be" }, { "start": 1105.939, "end": 1109.56, "text": "invented that don't require your constant\napproval for" }, { "start": 1109.78, "end": 1113.12, "text": "everything or that make\nthat approval process easier" }, { "start": 1113.719, "end": 1117.6, "text": "and therefore allow you to securely run\nassistants like" }, { "start": 1117.659, "end": 1121.56, "text": "this. That is all possible.\nI wouldn't rule out that" }, { "start": 1121.58, "end": 1125.139, "text": "this happens, and of course, it\nis an impressive" }, { "start": 1125.379, "end": 1128.78, "text": "feat that a single developer built this\ntool, though, of" }, { "start": 1128.86, "end": 1132.439, "text": "course,\nnot looking at the code at all does have" }, { "start": 1132.5, "end": 1136.179, "text": "price, uh, as many bugs and" }, { "start": 1136.28, "end": 1139.679, "text": "security problems, uh,\ncertainly also show." }, { "start": 1139.74, "end": 1143.379, "text": "Not that software wouldn't have any\nsecurity problems if" }, { "start": 1143.98, "end": 1147.659, "text": "you would review everything,\nbut it certainly, in my opinion," }, { "start": 1147.699, "end": 1151.669, "text": "don't look at the code at all.\nBut nonetheless," }, { "start": 1151.699, "end": 1155.689, "text": "if you ask yourself the question,\nwhy OpenAI or Google didn't" }, { "start": 1155.739, "end": 1159.389, "text": "come up with a product like this,\nthe reason may be a lack of" }, { "start": 1159.419, "end": 1163.179, "text": "innovation, but of course,\nit's also the fact that a tool like" }, { "start": 1163.219, "end": 1166.639, "text": "this can right now only exist as open\nsource" }, { "start": 1166.699, "end": 1169.239, "text": "software without any legal" }, { "start": 1169.32, "end": 1172.98, "text": "obligations because this thing is not" }, { "start": 1173.12, "end": 1177.11, "text": "something Google could sell\nor run for you with" }, { "start": 1177.12, "end": 1180.77, "text": "broad permissions. But of course,\nit's definitely possible that this is" }, { "start": 1180.8, "end": 1183.62, "text": "the initial spark that gives us" }, { "start": 1184.0, "end": 1187.379, "text": "safer, maybe more useful personal" }, { "start": 1187.419, "end": 1190.12, "text": "AI-powered assistants in the future." }, { "start": 1190.399, "end": 1194.389, "text": "And, uh,\njust to also briefly mention Maltbook, uh," }, { "start": 1194.419, "end": 1197.659, "text": "that is a thing I totally did not\nunderstand." }, { "start": 1197.76, "end": 1201.52, "text": "Uh, it was meant to be a social network,\na Reddit" }, { "start": 1201.58, "end": 1205.439, "text": "for AIs only. It turned out that it was" }, { "start": 1205.58, "end": 1209.54, "text": "actually very human-orchestrated and, uh,\nquite" }, { "start": 1209.58, "end": 1213.56, "text": "a bit fake as I understand it, and it had" }, { "start": 1213.639, "end": 1217.62, "text": "gapping security issues and," }, { "start": 1217.739, "end": 1221.6, "text": "yeah, I don't know. AI has positive" }, { "start": 1221.899, "end": 1225.719, "text": "use cases or positive implications,\nI guess." }, { "start": 1225.739, "end": 1228.699, "text": "AI has a lot of negative implications." }, { "start": 1228.8, "end": 1232.679, "text": "Um, this thing here\nis not something the world needs" }, { "start": 1232.76, "end": 1236.46, "text": "in my opinion. But yeah, OpenClaw,\ndefinitely" }, { "start": 1236.469, "end": 1240.208, "text": "interesting, maybe super useful for you,\nuh," }, { "start": 1240.239, "end": 1244.06, "text": "definitely not my cup of tea/coffee," }, { "start": 1244.159, "end": 1245.939, "text": "uh, right now" } ]