OpenClaw: Why the Internet Isn't Built for AI Agents

**Yoko Li** (0:00)
As a developer, I can totally build this, but I'm not going to build all the long-tail integrations.

**Joel de la Garza** (0:04)
Just the fact that we're going to go through this exercise of fundamentally rethinking what the product experience is for this stuff, it's just incredibly exciting. And now it's just sort of natural language expression of what you want and the machine fulfills it.

**Yoko Li** (0:16)
My curiosity becomes, what is the future of this UI layer look like?

**Guido Appenzeller** (0:21)
Will the big incumbents catch up and offer their functionality for agents? Or do we actually need new companies that cater to agents specifically?

**Joel de la Garza** (0:31)
Security is always a game of defense in depth, and you're sort of, when you hit capture and you hit the front-end bot detection stuff, that's like the tip of the spear. There's this concept in defense called the redoubt, you retreat back to the wall inside. And I think what we're going to see for a lot of these perimeter controls because of agents is that they have to move to more of the back-end system.

**Guido Appenzeller** (0:50)
What's super fascinating to me is this is one of the first time we're having technology, but what it can do is not limited by its abilities, but limited by how it can make it secure and stop it from doing certain things. We have this genie in a bottle, it's amazing, but how do I contain this?

**SPEAKER_4** (1:08)
OpenClaw is an open source personal AI assistant that can message on your behalf, check your calendar, manage your email, and extend itself by writing new integrations on the fly. Setting up Gmail integration takes seven hours. The agent will ask for domain-wide access to every email account in your company. Consumer websites like DoorDash and Amazon have no APIs for agents. If you're not careful, you can create something that can be socially engineered into access it was never supposed to have. This is a technology where the limiting factor isn't capability, but containment. The genie is in the bottle. The question is how to keep it there.

**Guido Appenzeller** (1:50)
Hello, everyone. So we're here today to talk about OpenClaw, which is currently one of the hottest, most controversial, most interesting, most dangerous, I think, technologies here in Silicon Valley. Yoko, you want to kick it off. What is OpenClaw?

**Yoko Li** (2:02)
What is OpenClaw? So OpenClaw is this very cool personal assistant that's open source built on top of another very cool coding agent called Py. I think the repo's name was PyMono. It's a very just like minimal but very extensible coding agent that can run the loop, update its own config. And OpenClaw that's built on top, built around all the session, state management for Py, but also added a long tail of integrations so you can now talk to your personal assistant on WhatsApp, Telegram, like a phone number, iMessage, and everything else you can think of. Use one password. Not yet able to place the order on DoorDash. We'll talk more about that later. But the whole ecosystem is really booming. What we can use long running agent in the sandbox for. So we all built some interesting use cases. One of our first use case I've explored is how can I have OpenClaw?
Consistently check my cat's location via the AirTag API. Since for AirTags, the location is only updated once you're active on the user session on the browser. So that has been useful. So curious what you guys built with it recently.

**Guido Appenzeller** (3:13)
As a former CISO, you must just love OpenClaw.

**Joel de la Garza** (3:16)
And currently acting CISO.

**Guido Appenzeller** (3:17)
Well, actually CISO. Never mind.

**Joel de la Garza** (3:19)
Current CISO, yeah, so direct. I've been using it for a while now. I think it's incredibly awesome because it lets you see the contours of the future. This is the first time where we can see like what these agents are going to do. And the firm is built around Mark's famous sort of software is eating the world piece. And this is the first time where you can see these agents are eating the world. Like it gives them like true agency in a world to do things. And so of course, the first couple of use cases I did were very security focused. I really enjoyed trying to just getting things to work, as you guys know, and experience like is not simple. I think part of the reason why as a CISO, I'm not super concerned yet about people here using it, because only a very few hands, a smaller handful of people can get this thing working, I think, than typical other tools.