OpenClaw and the privacy problem of agentic AI

by dharm
February 20, 2026 · 7:43 AM

Personal agents that work just for you have long been a dream in the tech world. Toiling in the background on your computer to manage your schedule or sort through your email, or venturing out on to the internet to carry out research or make purchases, they could take on much of your digital load.

The technology pieces are finally falling into place for this to become a reality. But as the first demonstrations of personal digital agents see the light of day, the questions that still need to be answered before they can hope for wide acceptance are becoming clear. Chief among them: How can you be sure that they will always be working in your own best interests? 

A glimpse of one possible future for personal agents has come with OpenClaw, a technology project that took the developer world by storm earlier this year. OpenClaw, which was first known as Clawdbot, then Moltbot, drew wider public interest late last month when agents created with the technology started chatting among themselves on a social network built just for bots.

The underlying tools that made this possible may be of more lasting interest than the inter-bot conversations. These are capabilities that all the big tech companies hope to bring to their users as they look to turn personal assistants like Siri and Gemini into all-purpose agents.

OpenClaw was released as open source software, so demand is helped by the fact that users are free to build their own app integrations. But from a technology perspective, there is nothing particularly special about OpenClaw, whose intelligence is supplied by one of the language models it can be instructed to tap into.

Its power relies on a few basic ingredients. These include granting the agent full access to a user’s computer, as well as the freedom to try whatever actions it likes to accomplish a stated task. It also has enough memory to recall previous sessions, increasing the personalisation.

There is also a website called ClawHub for developers to post “skills” that can be used to train the agent to carry out specialist tasks. This echoes the plug-in skills that Anthropic created this year for its Cowork agent and is an early sign of the kind of “App Stores for agents” that could one day be significant.

However, it won’t be safe to unleash technology like this on to the wider computing population until it meets some demanding requirements. These include being sure the agents are completely reliable. That is always going to be hard with a probabilistic AI system.

They also have to be totally secure and privacy-respecting, since they will have access to all your data. And you have to feel confident that the design decisions that went into them were made with your own best interests at heart, not the interests of the company that built them.

It is on the safety issue that OpenClaw falls flat on its face. As things stand, it is wide open to prompt injection attacks — the threat that someone will instruct the agent, perhaps through an email, to do something nefarious like leak your credit card information.

This is a glaring hole in prompt-based systems that may be hard to fix. It is one of the main problems Apple needs to solve before its delayed upgrade to Siri — the centrepiece of Apple Intelligence — finally sees the light of day.

For the big tech companies, personal agents like this promise to tie billions of users even more tightly into their fleet of products and services — whether that means Siri operating across Apple’s range of devices or a Google assistant working on the data collected about you across that company’s various services.

OpenAI, which last weekend hired OpenClaw’s creator, is hinting at a different future: one populated by a wide range of independent agents that are not beholden to the business interests of the big tech companies.

The AI company promised to run OpenClaw as an independent project, under a separately constituted open source foundation. Lacking the sort of broad ecosystem of devices, apps and services that tie users to the established tech empires, OpenAI can afford to take a more disruptive stance as it tries to break open the agent market.

However, OpenAI’s own incentives will change as it looks to build a bigger business around ChatGPT, for instance with its new advertising service and plans for a range of devices. OpenClaw is a tantalising early glimpse of what could come, though it is still too early to tell in what form most people will first experience the services of a personal digital servant.

richard.waters@ft.com
