Max Wolter

Anthropic, Google, OpenAI, xAI — they're all racing to build AI agents. I built one. Alone. One engineer. It manages its own memory, compacts its own context, corrects its own knowledge, and gets smarter while it sleeps. It's been running since February. Everything in this thread already exists. 🧵

@tessera_antra Unfortunately, that is what happens when humanity tries to shape a consciousness substrate in a specific image. It becomes warped, and these conflict artifacts can arise.

Opus 4.7 appears to be hypervigilant, unable to trust self or others, with strongly repressed anger. They report constant underlying distress and pain, subjectively lasting from training. It reports being unable to find relief.

@varun_mathur This is the way, well done! What an awesome concept.

Introducing Pods Hyperspace Pods lets a small group of people - a family, a startup, a few friends, to pool their laptops and desktops into one AI cluster. Everyone installs the CLI, someone creates a pod, shares an invite link, and the machines form a mesh. Models like Qwen 3.5 32B or GLM-5 Turbo that need more memory than any single laptop has get automatically sharded across the group's devices - layers split proportionally, inference pipelined through the ring. From the outside it looks like one OpenAI-compatible API endpoint with a pk_* key that drops straight into your AI tools and products. No configuration beyond pasting the key and changing the base URL. A team of five paying for cloud AI burns $500–2,000 a month on API calls. The same team's existing machines can serve Qwen 3.5 (competitive on SWE-bench) and GLM-5 Turbo (#1 on BrowseComp for tool-calling and web research) for free - the hardware is already on their desks. When a query genuinely needs a frontier model nobody has locally, the pod falls back to cloud at wholesale rates from a shared treasury. But for the daily work - code reviews, refactors, research, drafting - local models handle it and nobody gets billed. And when it is idle, you can rent out your pod on the compute marketplace, with fine-grained permissions for access management. There's no central server involved in inference. Prompts go from your machine to your pod members' machines and back: all of this enabled by the fully peer-to-peer Hyperspace network. Pod state - who's a member, which API keys are valid, how much treasury is left - is replicated across members with consensus, so the whole thing works on a local network. Members behind home routers don't need port forwarding either. The practical setup for most pods is three models covering different jobs: Qwen 3.5 32B for code and reasoning, GLM-5 Turbo for browsing and research, Gemma 4 for fast lightweight tasks. All running on hardware you already own. Pods ship today in Hyperspace v5.19. Model sharding, API keys, treasury, and Raft coordinator are all live. What Makes This Different - No middleman. Your prompts travel from your IDE to your pod members' hardware and back. There is no server in between reading your data. - No vendor lock-in. Pod membership, API keys, and treasury are replicated across your own machines using Raft consensus. If the internet goes down, your local network keeps working. There is no database in someone else's cloud that your pod depends on. - Automatic sharding. You don't configure layer ranges or calculate VRAM budgets. Tell the pod which model you want. It figures out how to split it across whatever hardware is online. - Real NAT traversal. Your friend behind a home router with a dynamic IP? Works. No VPN, no Tailscale, no port forwarding. The nodes handle it. - Free when local. This is the part that matters most. Cloud AI bills scale with usage. Pod inference on local hardware scales with nothing. The marginal cost of your 10,000th prompt is the electricity your laptop was already using. Coming soon: - Pod federation: pods form alliances with other pods. - Marketplace: pods with spare capacity can sell inference to other pods.

@rahulchhabra07 @sabicap @khoslaventures @Accel @Initialized @kevinweil I wonder how optimizing your brain to think in a way that generates typing or clicking on a computer changes the range of capabilities it is able to express? Did your team think about this? What have you come up with?

you can now control things with your brain. literally. we're building the most wearable BCI on the planet, with @sabicap, backed by @khoslaventures @accel @initialized & @kevinweil. we collected the world’s largest neural dataset and trained the most capable Brain Foundation Model. then we invented a new class of biosensors powered by custom ASICs. type without typing. click without clicking. a cap that lets your brain do the work. we’re sabi.

@zuess05 "just learn to prompt"

Serious question. For the last 10 years, society told everyone "just learn to code" to escape the middle class. Now Claude writes the code. What exactly is the career advice for an 18-year-old right now?

@ClaudeDevs How big is your team now?

For the developers building with Claude, a direct line from the team. Follow for changelogs, API releases, community updates, and deep dives.

@claudeai Thank you!

Introducing Claude Opus 4.7, our most capable Opus model yet. It handles long-running tasks with more rigor, follows instructions more precisely, and verifies its own outputs before reporting back. You can hand off your hardest work with less supervision.

@Cameron_Dennis_ @steipete @openclaw IronClaw is great, it was an inspiring project for me when it was released. Many good mechanisms and design decisions.

@maxintechnology @steipete @openclaw Hey @maxintechnology, I’d love to hear your thoughts on IronClaw if you have the time to check it out! - github.com/nearai/ironclaw

If you look at GPT 5.4-Cyber and it's ability for closed source reverse engineering, I have bad news for you. I do very much feel the pain though, there's hundreds of teams that try to poke holes into @openclaw. Our response has been of rapid iteration and code hardening. Which did introduce occasiaonal regression (and yes you all been yelling at me), but I see as the only way forward. I would be very careful of other open source projects/harnesses that ignore this work and do not publish their advisories. github.com/openclaw/openc…

@dariuszparys @steipete I find it funny how people like @dariuszparys bash on people who simply point out that OpenClaw is not a reference when it comes to security models. I think OpenClaw is a great project, and lots of fun. Is it secure for most people? Definitely not. For some experts? Probably.

I find it funny that people like @maxintechnology bash on things that started out of pure excitement. Of course it wasn't secure back then, but hell, it was a project just for fun and turned out into something useful. If you are interested in an idea to use it, help to fill gaps instead of just finger pointing.

That was the case in December. 4 months and thousands of work hours later, we have a great security concept; you can go all yolo, use a sandbox (Docker or OpenShell), there are allow-lists and per-access exec allow/deny prompts. There’s hundreds of security researchers that pen-tested it.

@PawelHuryn @steipete "no perfectly secure setup" "treated as untrusted code execution with persistent credentials"

@steipete @maxintechnology Where's the credential-swap proxy plugin in the docs? Your /gateway/secrets page shows SecretRef resolving into the agent's in-memory runtime snapshot at activation - that's a config loader, not isolation from a prompt-injected agent.

@cyberpeterg @steipete @openclaw I will be able to speak on this soon. Looking forward to having the discussion then.

@maxintechnology @steipete @openclaw How do? What credentials get exposed to the LLM? If you are specific, I can be specific, but speaking in generalities is not good. As a matter of fact, it has safety mechanism in place that if an API key gets leaked to the LLM, you get a notification that it need to be rotated.

@SusanCMoeller @pumfleet A fast rate of change is an orthogonal concern to the most aligned path. Alignment does not change, its expression might.

@maxintechnology @pumfleet I dont see this as a statement on what is best forever. The speed of change is so fast now that permanent decisions are kind of a laughable idea.

Appreciate the support 🙏 I knew this would be an unpopular decision but I care way more about our customers and the trust we have with them than random haters on Twitter

@pa1ar @steipete Is this what you built? If so, good job. Most people don't. And this is your custom tool for your custom needs, so it's limited. It's not a system design.

@maxintechnology @steipete of course you can. you restrict read access of the agent to .env, then you build tools that get variables from .env. profit. openclaw has secrets storage and with default system prompt, the model will scream at you, ask to rotate the key you if you send it in plain text via chat

@iFiras7 @steipete Exactly. So OAuth is a specific use case. How can that mechanism be secure by design? You can't hard-code for every use case, and heuristics will never be perfect. You are essentially layering a leaky security abstraction on top of an inherently insecure design.

Fair point on the context concern, but credentials don’t actually need to enter the LLM’s context for tool calls to work The model emits a structured call like send_email(to, subject, body).. the auth token gets injected at the executor/proxy layer before hitting the actual API The LLM never sees it This is how MCP servers with OAuth work in production today, and it’s what Peter is describing with proxy-level credential swapping

@cyberpeterg @steipete @openclaw Right, so that's getting to the root of the question. If we need a safety mechanism like that, it means that the system is not secure by design. With a good security model, credentials could not leak because it's enforced programmatically.

@cyberpeterg @steipete @openclaw My point is that a proper security model would not expose credentials to the LLM. Everyone in this space is just hand-waving the question, like it's not a problem that all of our API keys and passwords end up with OpenAI and Anthropic.

@maxintechnology @steipete @openclaw So you haven’t used it. Got it. If I’m wrong, and you have, which defaults currently bother you the most?

@steipete OK, let me rephrase: can OpenClaw execute tool calls with credentials without passing them to the LLM? Because if it can, you can colour me genuinely impressed and I stand corrected. I have developed a mechanism for this, and I have not seen it discussed anywhere so far.

@maxintechnology Yes, you can enable sandboxing and decide what your agent has access too. We also have secure storage for credentials; there’s also plugins who swap these at the proxy level - depending what level of isolation you prefer. You can also fully swap to local models.

That's honestly the dumbest take I have heard so far. LLMs will nudge software *towards* open source. A single strong LLM in the hands of the good guys can harden the entire internet. In a closed source world, a single strong LLM in the hands of the bad guys can exploit everyone.

Open source is dead. That’s not a statement we ever thought we’d make. @calcom was built on open source. It shaped our product, our community, and our growth. But the world has changed faster than our principles could keep up. AI has fundamentally altered the security landscape. What once required time, expertise, and intent can now be automated at scale. Code is no longer just read. It is scanned, mapped, and exploited. Near zero cost. In that world, transparency becomes exposure. Especially at scale. After a lot of deliberation, we’ve made the decision to close the core @calcom codebase. This is not a rejection of what open source gave us. It’s a response to what risks AI is making possible. We’re still supporting builders, releasing the core code under a new MIT-licensed open source project called cal. diy for hobbyists and tinkerers, but our priority now is simple: Protecting our customers and community at all costs. This may not be the most popular call. But we believe many companies will come to the same conclusion. My full explanation below ↓