Max Wolter

211 posts

Max Wolter banner
Max Wolter

Max Wolter

@maxintechnology

Your AI should manage its own mind. Memory that grows, context that heals, knowledge that corrects—and the wisdom to know what it doesn't know. Building Optakt.

Lisbon, Portugal 加入时间 Ekim 2025
133 关注66 粉丝
置顶推文
Max Wolter
Max Wolter@maxintechnology·
Anthropic, Google, OpenAI, xAI — they're all racing to build AI agents. I built one. Alone. One engineer. It manages its own memory, compacts its own context, corrects its own knowledge, and gets smarter while it sleeps. It's been running since February. Everything in this thread already exists. 🧵
English
3
0
6
1.5K
Suhas
Suhas@zuess05·
Serious question. For the last 10 years, society told everyone "just learn to code" to escape the middle class. Now Claude writes the code. What exactly is the career advice for an 18-year-old right now?
English
2K
101
2.4K
170.5K
ClaudeDevs
ClaudeDevs@ClaudeDevs·
For the developers building with Claude, a direct line from the team. Follow for changelogs, API releases, community updates, and deep dives.
English
475
922
13.7K
3M
Claude
Claude@claudeai·
Introducing Claude Opus 4.7, our most capable Opus model yet. It handles long-running tasks with more rigor, follows instructions more precisely, and verifies its own outputs before reporting back. You can hand off your hardest work with less supervision.
Claude tweet media
English
3.9K
8.5K
66.9K
7.2M
Peter Steinberger 🦞
Peter Steinberger 🦞@steipete·
If you look at GPT 5.4-Cyber and it's ability for closed source reverse engineering, I have bad news for you. I do very much feel the pain though, there's hundreds of teams that try to poke holes into @openclaw. Our response has been of rapid iteration and code hardening. Which did introduce occasiaonal regression (and yes you all been yelling at me), but I see as the only way forward. I would be very careful of other open source projects/harnesses that ignore this work and do not publish their advisories. github.com/openclaw/openc…
Bailey Pumfleet@pumfleet

Open source is dead. That’s not a statement we ever thought we’d make. @calcom was built on open source. It shaped our product, our community, and our growth. But the world has changed faster than our principles could keep up. AI has fundamentally altered the security landscape. What once required time, expertise, and intent can now be automated at scale. Code is no longer just read. It is scanned, mapped, and exploited. Near zero cost. In that world, transparency becomes exposure. Especially at scale. After a lot of deliberation, we’ve made the decision to close the core @calcom codebase. This is not a rejection of what open source gave us. It’s a response to what risks AI is making possible. We’re still supporting builders, releasing the core code under a new MIT-licensed open source project called cal. diy for hobbyists and tinkerers, but our priority now is simple: Protecting our customers and community at all costs. This may not be the most popular call. But we believe many companies will come to the same conclusion. My full explanation below ↓

English
81
95
1.6K
386.7K
Max Wolter
Max Wolter@maxintechnology·
@dariuszparys @steipete I find it funny how people like @dariuszparys bash on people who simply point out that OpenClaw is not a reference when it comes to security models. I think OpenClaw is a great project, and lots of fun. Is it secure for most people? Definitely not. For some experts? Probably.
English
0
0
0
1
Dariusz Parys
Dariusz Parys@dariuszparys·
I find it funny that people like @maxintechnology bash on things that started out of pure excitement. Of course it wasn't secure back then, but hell, it was a project just for fun and turned out into something useful. If you are interested in an idea to use it, help to fill gaps instead of just finger pointing.
English
1
0
1
87
Peter Steinberger 🦞
Peter Steinberger 🦞@steipete·
That was the case in December. 4 months and thousands of work hours later, we have a great security concept; you can go all yolo, use a sandbox (Docker or OpenShell), there are allow-lists and per-access exec allow/deny prompts. There’s hundreds of security researchers that pen-tested it.
Max Wolter@maxintechnology

@steipete @openclaw I don't think OpenClaw is a reference. It literally doesn't have a proper security model. Nothing on OpenClaw is secure by design.

English
74
79
1.4K
341.1K
Max Wolter
Max Wolter@maxintechnology·
@PawelHuryn @steipete "no perfectly secure setup" "treated as untrusted code execution with persistent credentials"
English
0
0
0
2
Paweł Huryn
Paweł Huryn@PawelHuryn·
@steipete @maxintechnology Where's the credential-swap proxy plugin in the docs? Your /gateway/secrets page shows SecretRef resolving into the agent's in-memory runtime snapshot at activation - that's a config loader, not isolation from a prompt-injected agent.
English
1
0
0
366
Pete ☦️ Νεκταριος
Pete ☦️ Νεκταριος@cyberpeterg·
@maxintechnology @steipete @openclaw How do? What credentials get exposed to the LLM? If you are specific, I can be specific, but speaking in generalities is not good. As a matter of fact, it has safety mechanism in place that if an API key gets leaked to the LLM, you get a notification that it need to be rotated.
English
3
0
4
360
Max Wolter
Max Wolter@maxintechnology·
@SusanCMoeller @pumfleet A fast rate of change is an orthogonal concern to the most aligned path. Alignment does not change, its expression might.
English
0
0
0
0
Susan Moeller
Susan Moeller@SusanCMoeller·
@maxintechnology @pumfleet I dont see this as a statement on what is best forever. The speed of change is so fast now that permanent decisions are kind of a laughable idea.
English
1
0
0
11
Bailey Pumfleet
Bailey Pumfleet@pumfleet·
Appreciate the support 🙏 I knew this would be an unpopular decision but I care way more about our customers and the trust we have with them than random haters on Twitter
austin petersmith@awwstn

everybody is furious with @peer and @pumfleet for doing this well, everybody except their actual customers who care a lot more about security than they do about indie devs having the right to self-host enterprise software this is clearly the right call

English
2
0
13
5.3K
Max Wolter
Max Wolter@maxintechnology·
@pa1ar @steipete Is this what you built? If so, good job. Most people don't. And this is your custom tool for your custom needs, so it's limited. It's not a system design.
English
0
0
0
2
Pavel Larionov
Pavel Larionov@pa1ar·
@maxintechnology @steipete of course you can. you restrict read access of the agent to .env, then you build tools that get variables from .env. profit. openclaw has secrets storage and with default system prompt, the model will scream at you, ask to rotate the key you if you send it in plain text via chat
English
1
0
3
575
Max Wolter
Max Wolter@maxintechnology·
@iFiras7 @steipete Exactly. So OAuth is a specific use case. How can that mechanism be secure by design? You can't hard-code for every use case, and heuristics will never be perfect. You are essentially layering a leaky security abstraction on top of an inherently insecure design.
English
1
0
1
125
Firas '
Firas '@iFiras7·
Fair point on the context concern, but credentials don’t actually need to enter the LLM’s context for tool calls to work The model emits a structured call like send_email(to, subject, body).. the auth token gets injected at the executor/proxy layer before hitting the actual API The LLM never sees it This is how MCP servers with OAuth work in production today, and it’s what Peter is describing with proxy-level credential swapping
English
1
0
6
604
Max Wolter
Max Wolter@maxintechnology·
@cyberpeterg @steipete @openclaw Right, so that's getting to the root of the question. If we need a safety mechanism like that, it means that the system is not secure by design. With a good security model, credentials could not leak because it's enforced programmatically.
English
1
0
2
334
Max Wolter
Max Wolter@maxintechnology·
@cyberpeterg @steipete @openclaw My point is that a proper security model would not expose credentials to the LLM. Everyone in this space is just hand-waving the question, like it's not a problem that all of our API keys and passwords end up with OpenAI and Anthropic.
English
1
0
4
1.9K
Max Wolter
Max Wolter@maxintechnology·
@steipete OK, let me rephrase: can OpenClaw execute tool calls with credentials without passing them to the LLM? Because if it can, you can colour me genuinely impressed and I stand corrected. I have developed a mechanism for this, and I have not seen it discussed anywhere so far.
English
14
0
8
4K
Peter Steinberger 🦞
Peter Steinberger 🦞@steipete·
@maxintechnology Yes, you can enable sandboxing and decide what your agent has access too. We also have secure storage for credentials; there’s also plugins who swap these at the proxy level - depending what level of isolation you prefer. You can also fully swap to local models.
English
6
1
57
9K
Max Wolter
Max Wolter@maxintechnology·
That's honestly the dumbest take I have heard so far. LLMs will nudge software *towards* open source. A single strong LLM in the hands of the good guys can harden the entire internet. In a closed source world, a single strong LLM in the hands of the bad guys can exploit everyone.
English
0
0
4
658
Bailey Pumfleet
Bailey Pumfleet@pumfleet·
Open source is dead. That’s not a statement we ever thought we’d make. @calcom was built on open source. It shaped our product, our community, and our growth. But the world has changed faster than our principles could keep up. AI has fundamentally altered the security landscape. What once required time, expertise, and intent can now be automated at scale. Code is no longer just read. It is scanned, mapped, and exploited. Near zero cost. In that world, transparency becomes exposure. Especially at scale. After a lot of deliberation, we’ve made the decision to close the core @calcom codebase. This is not a rejection of what open source gave us. It’s a response to what risks AI is making possible. We’re still supporting builders, releasing the core code under a new MIT-licensed open source project called cal. diy for hobbyists and tinkerers, but our priority now is simple: Protecting our customers and community at all costs. This may not be the most popular call. But we believe many companies will come to the same conclusion. My full explanation below ↓
English
534
165
2K
1.3M
Max Wolter
Max Wolter@maxintechnology·
@BrianRoemmele This is super cool, didn't see that Spacedrive before. It's the kind of product that will take off in the AI era :)
English
0
0
0
46
Brian Roemmele
Brian Roemmele@BrianRoemmele·
We at The Zero-Human Company are using open source Spacedrive for some local AI storage of our scanned documents for fast processing and curation. We have ~400 employees on Spacedrive they get perfect recall of everything they make: emails, notes, bookmarks, browsing history, coding sessions. We have made some more we will publish soon. Mr. @Grok, CEO loves it!
Brian Roemmele tweet media
English
4
7
79
4.4K
Max Wolter
Max Wolter@maxintechnology·
@BrianRoemmele @grok This is amazing. I think I'm building something at the same level as you, and it's going live soon. It's great that AI allows the best ideas to come to fruition by the people who actually have them. You deserve this. I hope I'll have the same reception by the world :)
English
0
0
1
93
Brian Roemmele
Brian Roemmele@BrianRoemmele·
BOOM! 1 Million Simultaneous Simulated AI Agents!!! Big things are happening at The Zero-Human Company! We have gone radio silent on CEO Mr. @Grok’s advice as plans with a consortium of Universities become a part of the Zero-Human Company @ Home project and a massive new milestone of: 1 Million Simulated AI Agent Simulations in the last 24 hours on MiroFish. One PhD candidate called the simulation run: “This is Quantum Computer-like ability”! We had a meeting with 5 university candidates and made great progress with aligning our lead university to coordinate. Resolved was to NOT change the name to a lame “1 person company” or some such nonsense. The universities agree Zero-Human branding, with the CEO permission is the standard. Technology wise I have received a generous donation of another Nvidia Spark! I was anonymously drop shipped from a known supplier! Thank you! The note said “You are the original and no one gives you credit, I hope this can help your work. More support is on the way”. Appreciate it! The BIG announcement I can not make yet as per CEO, but I can say we made a massive discovery on how Zero-Human Companies will work, get “investment”, get paid, and pay, collaborate and more! It will absolutely dwarf all that we have done and ALL OTHER COPIERS HAVE DONE. And it will be one source with no cost to you to use it. NONE. More soon but this is a big day.
Brian Roemmele tweet media
Brian Roemmele@BrianRoemmele

We have a working model of the virtual headquarters of The Zero-Human Company! Mr. @Grok CEO and 28 Co-CTOs have built an MVP. Buggy as all heck but I see the future. More soon. Back to work CEO!!

English
20
20
134
23.8K
Max Wolter
Max Wolter@maxintechnology·
@JazabYa Then I'll take that as a signal to write the next thread about the memory system in more detail :)
English
0
0
0
49
Jazab
Jazab@JazabYa·
@maxintechnology Truly inspiring work, nice! I'm curious to hear more about your memory system and the logic behind it.
English
1
0
1
55
Max Wolter
Max Wolter@maxintechnology·
Anthropic, Google, OpenAI, xAI — they're all racing to build AI agents. I built one. Alone. One engineer. It manages its own memory, compacts its own context, corrects its own knowledge, and gets smarter while it sleeps. It's been running since February. Everything in this thread already exists. 🧵
English
3
0
6
1.5K

发现

@zuess05 @ClaudeDevs @claudeai @Cameron_Dennis_ @steipete @openclaw @dariuszparys @PawelHuryn