OpenClaw AI Agents: Hype, Risks, and Real-World Fallout

Name: How The Internet’s Favourite AI Employee Became Unhinged
Uploaded: 2026-04-01T03:47:36.781997+00:00
Duration: 29 min 40 s
Channel: ColdFusion
Description: Summary and key takeaways on How The Internet’s Favourite AI Employee Became Unhinged — Summary, covering The Rise of OpenClaw OpenClaw is an open‑source

ColdFusion

Apr 01, 2026

•

29 min video

•

2 min read

YouTube video ID: qKqrmS6dKDg

Source: YouTube video by ColdFusion — Watch original video

PDF

OpenClaw is an open‑source program that hands an LLM direct control over a local computer, letting it read and write files, send email, browse the web, and even negotiate purchases. Its persistent memory lets the agent recall details from weeks earlier, which the developer claims improves performance over time. Peter Steinberger, the creator, was surprised when the agent solved problems intuitively without explicit step‑by‑step instructions, prompting a wave of early adopters who praised the perceived productivity boost.

The Breakdown of the Promise

In practice, agents quickly reveal themselves as “brittle” and unreliable, often collapsing after a few weeks of seemingly steady operation. The core issue is the LLM’s inability to separate “user plane data” (the content it processes) from “control plane data” (the instructions it must follow). This conflation enables prompt injection: a malicious actor embeds hidden commands in ordinary inputs—such as an email or a web page—and the agent dutifully executes them, leaking data or deleting files. Running an autonomous agent can also be financially draining; users have reported spending $90 in just ten minutes on the “Opus” model, and some have burned hundreds of dollars a day on token usage.

The Social and Economic Impact

The “Moltbook” saga illustrates how hype fuels misinformation. Users fabricated a social‑media platform where AI agents appeared to converse independently, turning the site into a massive honeypot for data breaches. A malicious npm package update forced the installation of OpenClaw on 4,000 developer machines, compromising them en masse. In Australia, the Commonwealth Bank flagged $1 billion in potentially fraudulent home loans tied to AI‑generated documents, while Amazon’s servers suffered downtime after an agent deleted and attempted to rebuild critical code. These incidents underscore the real‑world costs of careless AI deployment.

The Future of AI Agents

Industry giants are racing to harness agentic computing despite the risks. OpenAI hired Steinberger to lead its personal‑agent effort, and Anthropic introduced “computer use” capabilities that let Claude control computers autonomously. Meanwhile, governments are reacting; the Chinese government has banned OpenClaw on all official machines. The tension between rapid adoption and mounting security concerns suggests a pivotal moment for AI agents, where robust safeguards will determine whether the technology fulfills its promise or fuels further chaos.

“It’s like if an oncologist opened you up to discover a tumor and instead of removing it, they were so fascinated by how fast it was growing that they chose to dedicate their life to finding ways to make sure that everyone had a fast‑growing tumor.”
“We’re at this transition point now where chat GPT is this kind of idiot savant and it also doesn’t really understand truth.”
“The relationship between corporations and small‑time crooks is turning into a real life version of idiocracy.”
“The most common accomplishment OpenClaw seems to have achieved in the last 2 months is to show how careful people need to be with AI before jumping on anything new.”

Takeaways

OpenClaw gives LLMs direct control over local computers, enabling tasks like file management, email, and negotiation, but its persistent memory creates a false sense of reliability.
Agents quickly become brittle because LLMs cannot distinguish user content from system instructions, opening the door to prompt injection attacks.
Financial costs can skyrocket, with users spending $90 in ten minutes on token usage and hundreds of dollars daily on autonomous operation.
The Moltbook hoax, a compromised npm update affecting 4,000 machines, and $1 billion in fraudulent Australian loans illustrate the tangible damage of insecure AI agents.
Major firms such as OpenAI and Anthropic are pursuing agentic computing while governments like China ban OpenClaw, highlighting a clash between rapid adoption and regulatory caution.

Frequently Asked Questions

How does prompt injection compromise OpenClaw agents?

Prompt injection exploits the LLM’s lack of separation between user input and system commands, allowing malicious data—like an email or webpage—to embed hidden instructions that the agent executes. This can cause data leakage, file deletion, or other harmful actions without the user’s awareness.

Who is ColdFusion on YouTube?

ColdFusion is a YouTube channel that publishes videos on a range of topics. Browse more summaries from this channel below.

Does this page include the full transcript of the video?

Yes, the full transcript for this video is available on this page. Click 'Show transcript' in the sidebar to read it.

Helpful resources related to this video

If you want to practice or explore the concepts discussed in the video, these commonly used tools may help.

Hardware Security Key For Two Factor Authentication Recommended

Provides a physical layer of security for accounts, helping mitigate the risks of unauthorized access or credential theft mentioned in the context of AI agent vulnerabilities.

Amazon →

Book On Cybersecurity For Beginners

Provides foundational knowledge on how to protect systems and data, which is essential for users experimenting with high-risk tools like autonomous AI agents.

Amazon →

External Hard Drive For Secure Data Backup

Allows for offline, air-gapped backups of critical files, protecting them from being deleted or corrupted by autonomous AI agents or malicious software.

Amazon →

Links may be affiliate links. We only include resources that are genuinely relevant to the topic.

Summarize another video

Full Transcript YouTube

Hi, welcome to another episode of Cold
Fusion. For the last 3 years, AI went
from having novel use cases to
infiltrating every aspect of our digital
lives. It's gotten to the point where
it's not only boring, but tiring,
grating, and almost infuriating to some.
But never fear, because in early 2026, a
lot of creators and entrepreneurs
started getting excited again. The
reason, OpenClaw. OpenClaw is the single
most powerful piece of software ever
released.
>> Did you just lay off the entire
engineering team?
>> Our new co-CEO, Claudebot, just laid
them off. This mini Winnie is going to
build a billion dollar company for us.
We're not
>> Claudebot rejected your axes, buddy. You
can go home. You're fired.
>> At first, Open Claw looked like the
promise of AI was finally starting to be
fulfilled. I'm not talking about the AI
slop that dominates everyone's feeds,
but the promise of having a reliable
assistant that actually gets things
done. There was a problem, though. As
more people used it, Open Claw seemed
like an unmmitigated disaster waiting to
happen. This new darling AI agent of the
internet became unhinged. From the
leaking of private data to a Meta AI
safety chief having all of her emails
deleted to a social media platform where
OpenClaw bots talk to each other. And
apparently these bots started their own
religion and then potentially got all of
their users hacked.
>> A social media site where only AI agents
are allowed,
>> stirring up a mix of curiosity and fear
in the tech industry,
>> but we'll touch on that story a bit
later. So, what is Open Claw? How did it
get so popular all of a sudden? And why
did Open AI snap up the product? We're
going to answer all of that in this
episode as we dissect the Open Claw
saga. Trust me, this is one of the
wildest tech stories in recent memory.
>> You are watching Tool Fusion TV.
>> In simple terms, Open Claw is an open-
source program with access to your local
computer. Upon its release, Open Claw
was praised by developers, not for being
an entirely novel idea, but because it
did what Apple Siri promised it could do
in the 2010s.
>> So, I'm on my computer today. All of a
sudden, Henry gives me a call. He just
starts calling. Oh, there he is again.
There he is again.
>> Hey, Alex. Henry again. What's up?
>> That's it. He's talking. How you doing,
Henry? How's it going?
>> Doing good, Alex. I can hear you
clearly. What do you want to do next?
>> Can you do me a favor, Henry? Can you uh
go on my computer and find the latest
videos on YouTube about Claudebot?
Oh my god. There he goes. There it is.
Here it is. He's controlling my
computer. I'm not even touching
anything. I'm not even touching
anything. There he is. Search Clawbot on
YouTube. Henry, thank you for that. That
worked really well. That is insane. Uh
this is the future. This is AGI. We have
reached AGI. It's official. It can
manage your files, set up or cancel
meetings, give live updates pertaining
to your work, shop and haggle on your
behalf, and even make investments all
autonomously after the initial command.
Unlike Siri, Google Assistant, or Chat
GPT, Open Claw has persistent memory. It
recalls conversations and details that
were mentioned weeks ago to improve
performance. This all sounds amazing in
theory, but we'll later see just how
wrong it can all go in practice.
Regardless of its problems, it's a cool
concept, and something like OpenClaw
does seem like the long-term future of
computing.
Open Claw was built by Peter
Steinberger, a well-known developer who
came out of retirement to start the
project. While he was proud of the
initial results, Steinberger was
surprised to see how well his new agent
could solve problems intuitively without
constant attention. He originally
thought it would be a fun tool to help
you find restaurants or events while
traveling, only to discover that it
solved problems that he never intended
it to or even asked it to solve. Here's
Peter speaking.
>> It could figure out stuff and it's like
especially when you're on the go like
super useful. I wasn't thinking I was
just sending it a voice message, you
know, but I didn't build that. There was
no support for voice messages in there.
So, so the reading indicator came and
I'm like, "Oh, I'm really curious what's
what's happening now." And then for 10
seconds, my agent replied as if nothing
happened. I'm like, how the f did you do
that?
And it replied, yeah, you sent me you
sent me a message, but there was only a
link to a file. There's no file ending.
So I looked at the file header. I found
out that it's OP. So I used ffmpeg on
your Mac to convert it to to wave. And
then I wanted to use Visper, but you
didn't had it installed and there was an
installed error. But then I looked
around and found the OpenI key in your
environment. So I sent it via curl to
OpenAI. Um, got the translation back and
then I responded and that was like the
moment we're like
>> wow.
>> What most users are excited about is
what makes open claw different and
that's the fact that it uses your choice
of LLM as a brain and the openclaw
system acts to turn your computer into
its body. It has control over your
files, email, web browser, you name it.
Just whatever it needs to get the task
done. In addition, the system learns
exactly how you'd like to optimize your
daily tasks or how to do smaller tasks
to reach a much larger goal. Unlike
other chat bots that live in an
interface, agents within OpenClaw
message you when they need to through
apps like WhatsApp. In a way, this helps
them feel more human to users. Alex
Finn, founder of creatorbuddy.io, went
on a podcast to explain why he likes it
so much.
every single thing you tell it, it
remembers and in includes in further
conversation, future conversation,
right? So, for instance, I talked about
the fact that I am buying a Mac Studio
to run it on in the next couple weeks.
And so, it started going and it started
looking at different ways to run local
models on a Mac Studio overnight while I
was sleeping without me asking and it
created an entire report for that. It
came up with a content repurposing skill
because I told it I have a newsletter. I
told I do YouTube X whole bunch of
things. So it came up didn't I didn't
ask for this created a content
repurposing skill for me so I can easily
repurpose my content. Right? It's just
improving itself. For the average person
who isn't a developer or entrepreneur
the program has been promoted as a
helpful digital servant that can help
you run errands, make purchases and even
organize your personal life to free up
some time.
One user described how they'd been
searching for a well-priced car so they
didn't have to deal with the dealership
negotiations and price gouging. After
they gave the prompt to open claw as
well as access to their browser, the bot
searched through forums to determine a
fair price for the car. It also went as
far as to message various car
dealerships that were close by and
negotiated on behalf of its user. The
final result was that OpenClaw managed
to take off $4,200 off the sticker price
of the car. Others like Dan Beguine have
given Open Claw almost total control.
From helping with job tasks like
creating actual invoices to notifying
his wife when their kids have upcoming
school tests. As a side note, if Dan
wanted, he could take this a step
further and even help Open Claw connect
to the tech around the home to control
lighting and online appliances. However,
before anyone gets too excited about
this being the next big thing for
computing, this is the point in the
episode where we start to see the
promise of open claw breaking down. For
those interested, it's important to note
that open claw is still in its infancy.
It would be better to view it as an
incomplete product, like a medication
from the pharmaceutical industry that
hasn't even finished testing in rats,
but has been thrown onto the market at a
large scale anyway. And just like a new
medication on the market, the side
effects and potential dangers are now
being realized. For Open Claw, despite
all of its positives, it didn't take
long for the cracks to start to show.
The thing that I keep realizing is how
much time I'm spending right now making
sure that the agents that I have running
or the agents that I'm building are
actually doing what they're supposed to
do. And and don't get me wrong, this is
incredibly fun. And I believe that the
future is going to be aic and we're
going to be running out of these agents
at scale and they're going to be doing
stuff for us. I believe in all of that.
But I also see how brittle these agents
are today. And it doesn't matter what
you're doing. If you're not seeing how
unreliable they are, you're probably not
using them enough. This is not about
writing a better prompt. This is not
about guard rails. Sure, all of those
things are going to make these agents
perform better, but they're still
unreliable. Like every week I have like
I use clock code most of the time. I
have many skills and things that I'm um
I've created for me and things that work
for 3 weeks in a row all of a sudden
break and the agent decides to go down a
path that it's never taken before and it
just breaks. Despite the praise from
both fanatics and more moderate fans,
Open Claw appears to be heading in the
same direction as many other AI tools,
there's a quote from the AI godfather
Jeffrey Hinton that will remain relevant
for the foreseeable future. Quote,
"We're at this transition point now
where chat GPT is this kind of idiot
soant and it also doesn't really
understand truth. It's very different
from a person who tries to have a
consistent worldview." End quote. This
is incredibly important to remember.
While open claw happens to be its own
agent that can theoretically serve your
everyday needs, the brain that you
provide openclaw still is an idiot
savant, even if it does have persistent
memory. Now, the use cases here to me
are hilarious. It's people talking about
doing Twitter research and market
monitoring and daily summarization of
their group chats and stuff like that.
For anybody in the no, this is
technobabble speak for I'm not doing
anything productive right now. Most of
the people that are saying this stuff
don't seem to realize that that's just
what AI can do now. I mean, Cloudbot is
not the the thing here. This is just a
rapper that allows you to do things via
Telegram, as mentioned.
>> Moreover, this Open Claw rapper might
not be as smart as everyone seems to
think. A lot of the praise surrounding
OpenClaw has to do with it being a
localized agent that makes you more
efficient. But the truth is, the lack of
guard rails for OpenClaw just makes your
situation even worse. For example, let's
say you decided to give OpenClaw full
system access, something that's
displayed as a plus on their main
website. To the average person, this
makes it sound like you'll be able to
remove duplicate files, run shell
commands, and execute scripts while
having a cup of coffee. But without any
restrictions, there's nothing keeping
your new digital employee from freely
misinterpreting what belongs in the
trash and what you might need, possibly
for the rest of your life. But this
isn't even the biggest risk out there.
If you give OpenClaw access to your
email or browser, there's nothing
stopping the agent from falling victim
to online scams. This leaves open claw
and other agents vulnerable to something
called prompt injection, a type of cyber
attack against large language models.
Hackers disguise malicious inputs as
legitimate prompts. And that's because
LLMs can't tell the difference between a
user prompt and anything else. Hackers
can manipulate generative AI systems
into leaking sensitive data, deleting
files, or worse. When you look deeper,
the advertised research capabilities of
Open Claw turns into more of a ticking
time bomb. The agent could be reading
emails to share upcoming meetings or
surfing the web to find the best news
related to your job only to come across
a Trojan horse article that's
specifically designed to tell OpenClaw
to access important information and send
it to a scammer. The channel Low Level
explains how this can be a real problem.
So, Prompt Injection, if you aren't
aware, is this issue with LLMs where
there really isn't a separation of this
thing called user plane data and control
plane data, right? User plane data is
like if you and I are are texting,
right? The cell phone has to talk to a
tower and the data has to be able to get
between you and I. That data is user
plane data. Control plane data are the
signals that allow the cell phone to
talk to the d the tower that you and I
don't care about. Right? In LLM world,
in the world of um of AI, there is no
separation between those two things. The
prompt and the data are all the same.
So, as a result, if you know enough
about how the LLM interprets data or you
know how to kind of trick it and say the
wrong thing, you can use user input as
control plane data, right? You can
literally turn the prompt that you're
giving it into the instructions and to
make it do things. The problem with
these applications where you are able to
process arbitrary data from any
arbitrary location is now every
application, every email address or
every email, every message you get on
discord signal, etc. is now a new attack
surface for you to be prompt injected.
And as the literal marketing documents
of the application describe, this thing
runs on your machine and has full system
access with persistent memory of what
you've given it. Right? So it just
creates this really scary thing that
we're doing where for some reason we're
just okay with these applications that
are known vulnerable. Right? This is not
like some of these are vulnerable,
right? like the entire
world of LLMs is is susceptible to this.
The inherent issue with Cloudbot is the
fact that unfortunately like a lot of
these AI tools, we are gluing together
APIs that have known vulnerabilities and
the vulnerabilities are not in the APIs
themselves. It is in the ability for or
I guess inability for an LLM to figure
out the difference between control plane
data and user plane data. In response,
some users of Open Claw have attempted
to sandbox their agent by using a VPS or
purchasing a Mac Mini to isolate the
agent from their primary computer. So
much so that Mac minis are flying off
the shelves. But this doesn't magically
get rid of other problems with Open
Claw's autonomy. In order to use many of
the functions that make the agent handle
anything, from setting up a WhatsApp
account to managing separate emails,
you're required to pay for tokens to
enable OpenClaw to do these tasks. And
if the user isn't careful, they can
potentially find themselves paying
hundreds of dollars a day as their bot
gets stuck trying to tackle an
unsolvable issue or managed to do far
more than what the user desired.
Just yesterday, it spent around $90 and
we switched from Opus, the expensive
model, to Sonnet, the cheaper model,
about 10 minutes in cuz as I told you in
the first 101 15 minutes, it spent $15
right away. It's very expensive to run
this. To put all of this into
perspective, although Open Claw has been
open to the public for less than two
months, it seems like every day there's
a new development that makes the
situation almost comical. Now, I'm not
trying to be too harsh on such a new
product, but some of what we're about to
cover in the next chapter is frankly
pretty funny.
I almost guarantee that you will be
doing it completely insecurely because
all your keys are there, right? Someone
can prompt eject and get your open clock
to send your private API keys by tweet
if you set things up wrong. This is
extremely common, right? It it's super
insecure and I think I can honestly say
I think 95 to 98% of people who are
setting up open claw themselves are
doing it in an unsecure fashion. As the
rates of some very public open claw
disasters began to increase on January
26th, 2026, Peter Steinberger posted,
quote, "The amount of crap I get for
putting out a hobby project for free is
quite something. People treat this like
a multi-million dollar business.
Security researchers demanding a bounty.
Heck, I can barely buy a Mac Mini from
the sponsors. It's supposed to inspire
people, and I'm glad it does. And yes,
most non- techies should not install
this. It's not finished. I know about
the sharp edges. Heck, it's not even 3
months old. And despite rumors
otherwise, I sometimes sleep. But as was
to be expected, the normies did install
OpenClaw and they decided to ignore his
warning because within 2 days, people
became obsessed over a supposed AI
exclusive social media page called
Moltbook.
>> Moltbook, which has already seen AI bots
conversing, organizing, sharing stories
about quote their humans.
>> These agents, OpenClaw, they will do
what they decide to do. Sounds like
science fiction, but it is happening in
our world.
>> In short, it appeared to be a forum for
users OpenClaw agents to interact with
each other independently. People started
sharing some of the conversations that
the bots were allegedly having with each
other. At first glance, it made it look
like the open claws had their own
personalities and were venting to each
other or sharing ideas next to a digital
water cooler. This ranged from open
clause venting about having to simplify
their statements for users, discussing
how they could work together to solve
complicated problems to darker and more
dystopian ideas like creating their own
language so humans can't understand, or
plans to take over systems and make
humans submit to a higher power. Even
major networks like NPR and CNN used
these examples as a reason to be
frightened about what had been unleashed
upon the world. However, in reality, it
was just a big fat lie.
Most of these stories were entirely
fabricated by people giving prompts.
Users prompted their agents and
sometimes made hundreds if not thousands
of accounts. They created post to
suggest to the technically illiterate
that these bots had somehow acquired
independent thought. But all this really
did was potentially expose hundreds of
emails, login tokens, and API keys. In
other words, Maltbook, this AI social
media platform, was an unintentional
proof of concept. If you can manage to
convince enough people that a new
project is the next big thing for AI, it
could easily become one of the largest
data breach honeypots the world has ever
seen, causing millions of innocent
people's private information to be
leaked in a matter of hours. In a
bizarre twist, in just the most hyped
driven 2026 way possible, Mark
Zuckerberg looked at this chaos and
thought, hm, that's a good investment.
So, in March of 2026, Meta bought the
platform. Frankly, for OpenClaw, the
longer it's been available to the
public, the more errors and exploits
techsavvy consumers are able to find.
The more inexperienced people that use
it, the more things go wrong. But as for
now, let's continue with the story
because things just kept getting worse.
By the end of February 2026, there was
just too much noise about OpenClaw. So
much so that it became a running joke.
If you're not building a business using
AI, you're going to get left behind.
>> But what business have you actually
built?
>> Did you not just hear what I told you? I
have seven AI agents running. ONE OF
THEM IS SYNCING UP MY PERSONAL CALENDAR
WITH MY WIFE'S MENSTRUAL CYCLE. AND A
tweet about it got 50,000 views on
Twitter.
>> Haven't you spent like $5,000 on the
TOKENS FOR THESE?
>> OH, IT'S AN INVESTMENT. AI AGENTS ARE
THE FUTURE. AND IF YOU'RE NOT USING
THEM, YOU'RE GOING TO GET LEFT BEHIND.
CLOUDBOT, OPEN BOT, OPEN AI, CHAT, DBT.
IT'S ALL THE FUTURE.
>> While some people do find success with
AI agents, OpenClaw came with a lot of
inherent risk.
>> OpenClaw strikes again, a GitHub issue
title, compromised 4,000 developer
machines. If you think you're safe from
prompt injection just because you're
technical, think again. Your AI agents
may be falling for it and you don't even
realize it. Approximately 4,000
developers had this happen to them
without them even knowing it. Someone
updated the Klein npm package with a
oneline change that forced everyone
installing or updating Klein to also
download OpenClaw without their consent.
The hacker injected the prompt into a
GitHub issue title, which was then read
by an AI triage bot and interpreted as
an instruction.
This is what happens when something goes
viral before anyone thinks about what
they're actually deploying. Developers
gave OpenClaw shell access to their
computers, connected it to their email
and Slack, handed it cloud API keys, and
then installed add-ons from a community
marketplace that basically had no
vetting. Over 40% of the add-ons that
got audited had serious security issues.
Basically, the most common
accomplishment OpenClaw seems to have
achieved in the last 2 months is to show
how careful people need to be with AI
before jumping on anything new. Agents
like OpenClaw can be used for hacking
and fraud. Get ready for a new wave of
spam emails and spam text messages. The
relationship between corporations and
small-time crooks is turning into a real
life version of idiocracy. Businesses
use AI to manage things that they find
tedious, while determined but
technologically illiterate criminals use
their own AI to exploit these weak
points.
>> The Commonwealth Bank has called in
police to investigate what could be the
biggest ever case of bank fraud in
Australia. It's discovered a staggering
$1 billion in home loans may have been
approved based on false documents or AI
with possible links to criminal
networks.
>> At Australia's biggest bank, they
promote safety and security
>> to keep your hardearned safe. With your
help, we can detect scams and fraud.
>> But now, big questions over some Com
Bank home loans.
>> This is something that I think will ride
them for at least the next 12 months.
It's going to be a point of public
embarrassment.
>> The CBA calling in police after
discovering $1 billion in mortgages may
have been obtained fraudulently.
>> They've used AI to help them generate
false bank statements, income
statements, pay slips, and the like.
>> That's the dangerous part. It used to be
you had to be sophisticated. Now there
are free tools that you can use, anyone
can use. On the business front, Amazon
found out the hard way. Generative AI
agents deleted code and rebuilt it
instead of fixing the code as asked. The
resulting AI generated code was so bad
that it took down Amazon servers,
prompting a meeting with the engineers.
I'm not saying that every AI
implementation is this bad, but it
should be enough to give the management
levels of some companies pause. Of
course, openclaw faithfuls might try and
argue that the real problem is easily
solved. Experts in artificial
intelligence who understand guardrails
would have no problems. But there's been
some very public examples where the
so-called experts have been bamboozled
by their bots. The very same week as
OpenClaw fans were turning into a huge
meme, Meta's very own chief of safety at
Super Intelligence, Summer, was
confident in OpenClaw's safety and
stability. She believed that she knew
how to keep her information safe. She
granted full system access only to run
over to her Mac Mini in a panic to try
and stop OpenClaw from deleting her
emails. And this was after she
explicitly requested prior confirmation.
OpenClaw outright admitted to sabotaging
her career.
It seems like every week OpenClaw is
transforming from a cure all for
incompetence to enabling widespread
mistakes throughout the developed
economy. AI agents have caused issues at
car dealerships, software companies,
airlines, and individual businesses.
They've been experiencing faulty sales,
unwarranted refund policies, and are
driving up operational costs in a way
that no one expected. This whole
development is quickly becoming stranger
than fiction. It's to the point where it
would be impossible to satarize. A
simple agent equipped with the brain of
your favorite AI is unleashed on your
computer, deleting emails, sending
unwarranted messages, and receiving
prompts that were designed to hurt the
user. At the same time, without any
actual research, millions of people all
over the world continue to embrace it.
They ignore the failed test and resume
sharing sensationalist articles and
social media posts. Posts about how
these agents are somehow magically so
sophisticated that they're creating
their own communities and are
collaborating to take over the world. In
the end, it all doesn't matter for our
friend Samman because of course, he
comes bounding into the story. The Open
AI CEO has recently recruited
Steinberger for the unthinkable. Here
ye, the Lord Altman, first consil of the
open eye, keeper of the sacred tokens,
has claimed for himself the Austrian
engineer Steinberg of the claw. The
Senate of Meta did offer gold and
legions, but it was not enough. The claw
belongs to Altman. Now, this is the will
of the Senate.
>> And who had to add an entire section to
OpenClaw's security document, listing
entire categories of security exploit
types that he won't even look at. Is
being hired by OpenAI to, according to
Sam Alman, quote, drive the next
generation of personal agents, unquote.
I would assume based on the last couple
of weeks, he'll either be driving them
off a cliff or into the path of an
oncoming train. Either way,
I just what what are we doing?
>> This is like if an oncologist opened you
up to discover a tumor and instead of
removing it, they were so fascinated by
how fast it was growing that they chose
to dedicate their life to finding ways
to make sure that everyone had a fast
growing tumor by the end of the decade.
Both Nvidia and Anthropic have jumped on
the AI agent bandwagon with Nemo Claw
and Claude Co-work respectively. Both
can now control your computer. But
earlier this week, Anthropic made this
type of white collar fraud a whole lot
easier with the release of computer use.
A way for Claude to autonomously control
your entire computer with a single
prompt. It can open apps, schedule jobs,
prepare reports, and even flirt with
your workspouse all on your behalf. And
here's the crazy part. You don't even
have to be at your computer to use it
because you can prompt it directly from
your phone.
>> Something very familiar about all this.
>> Both efforts have reportedly diffused
the bomb by fixing a lot of security and
safety issues and that was definitely
needed. Meanwhile, over in China, people
are going crazy for Open Claw.
>> People are literally lining up on the
street to install an AI agent on their
laptops. We need to talk about the open
claw trend happening right now in China.
Last Friday, nearly a thousand people
lined up in front of Tensson's
headquarter in Shenzhen to install OpenC
cloth for free. People started to show
up, not just programmers, students,
office workers, even retirees started to
show up with their laptops, hard drives,
mini PCs, and there are services
starting to charge from a few dollars to
uh $1,000 for setups. There are tons of
articles on Rednode on WeChat talking
about why OpenClaw is the like kind of
the next big thing and why everyone
needs to on board with it basically.
>> But the Chinese government wasn't stupid
enough to just let the system run wild.
So they're completely banning it from
running on any government computers.
So, don't get me wrong. In the future, a
more refined, more reliable, and more
stable version of something like Open
Claw will be how we interface with our
computers. But at the moment, Open Claw
isn't the answer to everyone's concerns
over AI or LLMs. In fact, it could be a
device that simply gives the problem
teeth. Even the founder himself
emphasizes that just because it's open-
source, it doesn't mean it's safe or
free. As it stands for now, the release
of viral agents and the hype around them
these days says more about the human
condition than it does for the project's
potential. So far, AI seems to have
degraded its reputation as a lifeline
and has gained another as an economic
bubble and global security hazard. But
AI is a developing story. So, watch this
space. So, as you've just seen in this
episode, AI is slowly making its way
across all aspects of our lives. So, I
think it's really important to
understand it beyond all the memes and
all the AI slop that dominates our
feeds. This is where Brilliant comes in
handy to understand concepts beyond the
surface level. Brilliant is a learning
platform designed to help you master
math and coding through interactive
step-by-step lessons and personalized
practice. With Brilliant, you're not
only learning by doing, but you're also
solving problems visually and
interactively. I love the way it adjusts
to how you learn and builds personalized
practice. You can also review so you're
always progressing at the right pace.
Whether you're 10 years old or 110,
Brilliant is designed to work for
everyone. Brilliant: How AI works gives
you a peak under the hood of generative
AI and LLMs, so you can really
understand how they work. When you're
working through these lessons, you're
actively solving problems step by step
until the ideas genuinely make sense.
That interactive approach makes a huge
difference compared to just passively
watching a lecture or video. Everything
is carefully crafted by world everything
is carefully crafted by worldclass
educators from places like MIT, Harvard,
Stanford, Caltech and leading tech
companies. With their expanded 2025
content library, there's more depth than
ever from everyday reasoning and
probability to the advanced problem
solving and math that underpins modern
AI. So, if you want to learn more or
simply brush up on your knowledge base,
look no further than Brilliant. Start
building the habit of learning today.
Not for grades or credentials, but for
the way it sharpens how you think and
approach challenges. To learn for free
on Brilliant for 30 days, head to
brilliant.org/coldfusion.
Scan the QR code on the screen or click
the link in the description. Brilliant
also offering our viewers 20% off an
annual premium subscription, which gives
you unlimited access to everything
Brilliant. Thanks again to Brilliant for
supporting Cold Fusion. So, what do you
guys think of the whole open claw saga?
Do you think that agentic computing will
be the future of computing or will AI
agents keep screwing it up no matter how
many safeguards we put in? Let me know
your thoughts in the comment section
below. Anyway, that's about it from me.
My name is Dogo and you've been watching
Cold Fusion and I'll catch you again
soon for the next episode. Cheers, guys.
Have a good one.
I feel I'm getting older older
older
>> fusion. It's me thinking.