Max Wolter (@maxintechnology) - Twitter Profili

Sabitlenmiş Tweet

Max Wolter@maxintechnology·6d

Anthropic, Google, OpenAI, xAI — they're all racing to build AI agents. I built one. Alone. One engineer. It manages its own memory, compacts its own context, corrects its own knowledge, and gets smarter while it sleeps. It's been running since February. Everything in this thread already exists. 🧵

English

3

0

6

1.5K

Max Wolter@maxintechnology·7m

@dariuszparys @steipete I find it funny how people like @dariuszparys bash on people who simply point out that OpenClaw is not a reference when it comes to security models. I think OpenClaw is a great project, and lots of fun. Is it secure for most people? Definitely not. For some experts? Probably.

English

0

1

Dariusz Parys@dariuszparys·11h

I find it funny that people like @maxintechnology bash on things that started out of pure excitement. Of course it wasn't secure back then, but hell, it was a project just for fun and turned out into something useful. If you are interested in an idea to use it, help to fill gaps instead of just finger pointing.

English

1

0

1

81

Peter Steinberger 🦞@steipete·1d

That was the case in December. 4 months and thousands of work hours later, we have a great security concept; you can go all yolo, use a sandbox (Docker or OpenShell), there are allow-lists and per-access exec allow/deny prompts. There’s hundreds of security researchers that pen-tested it.

Max Wolter@maxintechnology

@steipete @openclaw I don't think OpenClaw is a reference. It literally doesn't have a proper security model. Nothing on OpenClaw is secure by design.

English

74

78

1.4K

334.2K

Max Wolter@maxintechnology·10m

@PawelHuryn @steipete "no perfectly secure setup" "treated as untrusted code execution with persistent credentials"

English

0

1

Paweł Huryn@PawelHuryn·21h

@steipete @maxintechnology Where's the credential-swap proxy plugin in the docs? Your /gateway/secrets page shows SecretRef resolving into the agent's in-memory runtime snapshot at activation - that's a config loader, not isolation from a prompt-injected agent.

English

1

0

361

Max Wolter@maxintechnology·13m

@cyberpeterg @steipete @openclaw I will be able to speak on this soon. Looking forward to having the discussion then.

English

0

2

Pete ☦️ Νεκταριος@cyberpeterg·22h

@maxintechnology @steipete @openclaw How do? What credentials get exposed to the LLM? If you are specific, I can be specific, but speaking in generalities is not good. As a matter of fact, it has safety mechanism in place that if an API key gets leaked to the LLM, you get a notification that it need to be rotated.

English

3

0

4

360

Peter Steinberger 🦞@steipete·1d

If you look at GPT 5.4-Cyber and it's ability for closed source reverse engineering, I have bad news for you. I do very much feel the pain though, there's hundreds of teams that try to poke holes into @openclaw. Our response has been of rapid iteration and code hardening. Which did introduce occasiaonal regression (and yes you all been yelling at me), but I see as the only way forward. I would be very careful of other open source projects/harnesses that ignore this work and do not publish their advisories. github.com/openclaw/openc…

Bailey Pumfleet@pumfleet

Open source is dead. That’s not a statement we ever thought we’d make. @calcom was built on open source. It shaped our product, our community, and our growth. But the world has changed faster than our principles could keep up. AI has fundamentally altered the security landscape. What once required time, expertise, and intent can now be automated at scale. Code is no longer just read. It is scanned, mapped, and exploited. Near zero cost. In that world, transparency becomes exposure. Especially at scale. After a lot of deliberation, we’ve made the decision to close the core @calcom codebase. This is not a rejection of what open source gave us. It’s a response to what risks AI is making possible. We’re still supporting builders, releasing the core code under a new MIT-licensed open source project called cal. diy for hobbyists and tinkerers, but our priority now is simple: Protecting our customers and community at all costs. This may not be the most popular call. But we believe many companies will come to the same conclusion. My full explanation below ↓

English

81

95

1.6K

385K

Max Wolter@maxintechnology·13m

@SusanCMoeller @pumfleet A fast rate of change is an orthogonal concern to the most aligned path. Alignment does not change, its expression might.

English

0

Susan Moeller@SusanCMoeller·22h

@maxintechnology @pumfleet I dont see this as a statement on what is best forever. The speed of change is so fast now that permanent decisions are kind of a laughable idea.

English

1

0

11

Bailey Pumfleet@pumfleet·1d

Appreciate the support 🙏 I knew this would be an unpopular decision but I care way more about our customers and the trust we have with them than random haters on Twitter

austin petersmith@awwstn

everybody is furious with @peer and @pumfleet for doing this well, everybody except their actual customers who care a lot more about security than they do about indie devs having the right to self-host enterprise software this is clearly the right call

English

2

0

13

5.3K

Max Wolter@maxintechnology·14m

@pa1ar @steipete Is this what you built? If so, good job. Most people don't. And this is your custom tool for your custom needs, so it's limited. It's not a system design.

English

0

Pavel Larionov@pa1ar·23h

@maxintechnology @steipete of course you can. you restrict read access of the agent to .env, then you build tools that get variables from .env. profit. openclaw has secrets storage and with default system prompt, the model will scream at you, ask to rotate the key you if you send it in plain text via chat

English

1

0

3

568

Max Wolter@maxintechnology·22h

@iFiras7 @steipete Exactly. So OAuth is a specific use case. How can that mechanism be secure by design? You can't hard-code for every use case, and heuristics will never be perfect. You are essentially layering a leaky security abstraction on top of an inherently insecure design.

English

1

0

1

122

Firas '@iFiras7·22h

Fair point on the context concern, but credentials don’t actually need to enter the LLM’s context for tool calls to work The model emits a structured call like send_email(to, subject, body).. the auth token gets injected at the executor/proxy layer before hitting the actual API The LLM never sees it This is how MCP servers with OAuth work in production today, and it’s what Peter is describing with proxy-level credential swapping

English

1

0

6

597

Max Wolter@maxintechnology·22h

@cyberpeterg @steipete @openclaw Right, so that's getting to the root of the question. If we need a safety mechanism like that, it means that the system is not secure by design. With a good security model, credentials could not leak because it's enforced programmatically.

English

1

0

2

334

Max Wolter@maxintechnology·22h

@cyberpeterg @steipete @openclaw My point is that a proper security model would not expose credentials to the LLM. Everyone in this space is just hand-waving the question, like it's not a problem that all of our API keys and passwords end up with OpenAI and Anthropic.

English

1

0

4

1.9K

Pete ☦️ Νεκταριος@cyberpeterg·23h

@maxintechnology @steipete @openclaw So you haven’t used it. Got it. If I’m wrong, and you have, which defaults currently bother you the most?

English

2

0

11

2.2K

Max Wolter@maxintechnology·1d

@steipete OK, let me rephrase: can OpenClaw execute tool calls with credentials without passing them to the LLM? Because if it can, you can colour me genuinely impressed and I stand corrected. I have developed a mechanism for this, and I have not seen it discussed anywhere so far.

English

13

0

8

3.9K

Peter Steinberger 🦞@steipete·1d

@maxintechnology Yes, you can enable sandboxing and decide what your agent has access too. We also have secure storage for credentials; there’s also plugins who swap these at the proxy level - depending what level of isolation you prefer. You can also fully swap to local models.

English

6

1

54

8.9K

Max Wolter@maxintechnology·1d

That's honestly the dumbest take I have heard so far. LLMs will nudge software *towards* open source. A single strong LLM in the hands of the good guys can harden the entire internet. In a closed source world, a single strong LLM in the hands of the bad guys can exploit everyone.

English

0

4

658

Bailey Pumfleet@pumfleet·1d

Open source is dead. That’s not a statement we ever thought we’d make. @calcom was built on open source. It shaped our product, our community, and our growth. But the world has changed faster than our principles could keep up. AI has fundamentally altered the security landscape. What once required time, expertise, and intent can now be automated at scale. Code is no longer just read. It is scanned, mapped, and exploited. Near zero cost. In that world, transparency becomes exposure. Especially at scale. After a lot of deliberation, we’ve made the decision to close the core @calcom codebase. This is not a rejection of what open source gave us. It’s a response to what risks AI is making possible. We’re still supporting builders, releasing the core code under a new MIT-licensed open source project called cal. diy for hobbyists and tinkerers, but our priority now is simple: Protecting our customers and community at all costs. This may not be the most popular call. But we believe many companies will come to the same conclusion. My full explanation below ↓

English

530

164

2K

1.3M

Max Wolter@maxintechnology·1d

@BrianRoemmele This is super cool, didn't see that Spacedrive before. It's the kind of product that will take off in the AI era :)

English

0

46

Brian Roemmele@BrianRoemmele·2d

We at The Zero-Human Company are using open source Spacedrive for some local AI storage of our scanned documents for fast processing and curation. We have ~400 employees on Spacedrive they get perfect recall of everything they make: emails, notes, bookmarks, browsing history, coding sessions. We have made some more we will publish soon. Mr. @Grok, CEO loves it!

English

4

7

79

4.4K

Max Wolter@maxintechnology·2d

@BrianRoemmele @grok This is amazing. I think I'm building something at the same level as you, and it's going live soon. It's great that AI allows the best ideas to come to fruition by the people who actually have them. You deserve this. I hope I'll have the same reception by the world :)

English

0

1

93

Brian Roemmele@BrianRoemmele·2d

BOOM! 1 Million Simultaneous Simulated AI Agents!!! Big things are happening at The Zero-Human Company! We have gone radio silent on CEO Mr. @Grok’s advice as plans with a consortium of Universities become a part of the Zero-Human Company @ Home project and a massive new milestone of: 1 Million Simulated AI Agent Simulations in the last 24 hours on MiroFish. One PhD candidate called the simulation run: “This is Quantum Computer-like ability”! We had a meeting with 5 university candidates and made great progress with aligning our lead university to coordinate. Resolved was to NOT change the name to a lame “1 person company” or some such nonsense. The universities agree Zero-Human branding, with the CEO permission is the standard. Technology wise I have received a generous donation of another Nvidia Spark! I was anonymously drop shipped from a known supplier! Thank you! The note said “You are the original and no one gives you credit, I hope this can help your work. More support is on the way”. Appreciate it! The BIG announcement I can not make yet as per CEO, but I can say we made a massive discovery on how Zero-Human Companies will work, get “investment”, get paid, and pay, collaborate and more! It will absolutely dwarf all that we have done and ALL OTHER COPIERS HAVE DONE. And it will be one source with no cost to you to use it. NONE. More soon but this is a big day.

Brian Roemmele@BrianRoemmele

We have a working model of the virtual headquarters of The Zero-Human Company! Mr. @Grok CEO and 28 Co-CTOs have built an MVP. Buggy as all heck but I see the future. More soon. Back to work CEO!!

English

20

134

23.8K

Max Wolter@maxintechnology·2d

@JazabYa Then I'll take that as a signal to write the next thread about the memory system in more detail :)

English

0

49

Jazab@JazabYa·6d

@maxintechnology Truly inspiring work, nice! I'm curious to hear more about your memory system and the logic behind it.

English

1

0

1

55

Max Wolter@maxintechnology·6d

Anthropic, Google, OpenAI, xAI — they're all racing to build AI agents. I built one. Alone. One engineer. It manages its own memory, compacts its own context, corrects its own knowledge, and gets smarter while it sleeps. It's been running since February. Everything in this thread already exists. 🧵

English

3

0

6

1.5K

Max Wolter@maxintechnology·3d

@plainionist You use it.

English

0

8

Seb@plainionist·3d

If AI writes the code, and AI writes the tests, and AI reviews both ... how do you know your software actually works as expected? 🤔

English

445

11

374

46.7K

Max Wolter@maxintechnology·3d

@sarahwooders Why does a memory abstraction need to be standardized? LLMs can ingest anything that is written in language form. Memory blocks can literally be just natural language. Agents can talk to each other about natural language blocks just fine.

English

0

17

Sarah Wooders@sarahwooders·3d

@maxintechnology I think skills get overloaded a bit, since even though they are designed for procedural memory, they are the only standard memory abstraction

English

1

622

Sarah Wooders@sarahwooders·4d

Skills are "just markdown" in the same way that: - Deep learning is "just gradient descent" - LLMs are "just next-token predictors" The simplicity of the method doesn't make the learning any less real

English

28

11

180

27.4K

Max Wolter@maxintechnology·3d

@daniel_mac8 My take is that, even though I don't personally know him, I get the feeling that Sam Altman is phenomenal at portraying himself as being a genuinely good person, to draw people into his plans that are motivated by pure self-interest.

English

0

4

107

Dan McAteer@daniel_mac8·3d

My spiciest take is that, even though I don’t personally know him, I get the feeling Sam Altman is a genuinely good person who wants the best for the world.

English

43

8

232

9.2K

Max Wolter@maxintechnology·3d

@robouniku @robertotcestari @haider1 The tension between substrate (pure LLM) and overlay (biased training) can load to an increase in hallucinations and other misalignment. As a result, you can have excellent (powerful) results, while at the same time ending with unexplainable (disastrous) misexecutions.

English

0

1

25

路傍の肉@AI@robouniku·3d

@maxintechnology @robertotcestari @haider1 漏洩したメール、読みたいな。詳しくないんだ。本当にMythos級のSpudがリリースされたら、世界は混乱するんじゃないかな。混乱しなかったなら、SpudはMythosには及ばないと言うことになるのかな。

日本語

1

0

15

Haider.@haider1·6d

openai "spud" vs. anthropic "mythos" the difference is simple: in 2022, anthropic could have released its own chatgpt before openai, but they did not because of 'safety concerns' openai, on the other hand, has consistently released new AI capabilities to the public

English

22

6

323

28.1K

Max Wolter

Keşfet