u/lucienbaba

Saw Peter Steinberger’s talk at AI Engineer Europe plus the AMA after, and he ended up addressing a pretty wide range of questions people here keep asking.(Peter’s speech begins straight at 1:25:18 if u wanna check it yourself)

On the talk side, the big message was that OpenClaw is leaving its breakout phase and entering a more serious one: governance, maintenance, and security. He said the project is only about five months old but already operating at a scale where the problem is no longer just shipping features. It is reducing bus factor, making the project durable, and turning it into something that can survive beyond a handful of people carrying everything.

That is also why he talked so much about the OpenClaw Foundation. The point was practical: get funding, hire full-time maintainers, and move away from pure volunteer chaos. He was pretty explicit that OpenAI did not “buy OpenClaw,” and that the goal is an independent structure that can support the project without letting it become owned by one company.

He also said he is actively pulling the project toward cross-company collaboration. He mentioned people helping from NVIDIA, Microsoft, Red Hat, Tencent, ByteDance, and others, and specifically called out China as already being a major usage region. That felt like a direct answer to the concern that OpenClaw might quietly become an OpenAI side project.

Security was another major topic. Peter said the project has been drowning in security advisories, with over a thousand reports and many labeled critical. His point was not that security does not matter. It was that the whole agent software ecosystem is entering a new normal where AI tools are insanely good at finding bugs, chaining exploits, and flooding fast-moving projects with reports. He even said that when he tested NVIDIA’s NemoClaw sandbox with Codex security, it found multiple breakout paths very quickly. His argument was that this is not just an OpenClaw problem. It is increasingly what the entire agent era looks like.

Related to that, he spent a lot of time pushing back on what he sees as exaggerated or dishonest narratives around OpenClaw security. He distinguished between issues that sound terrifying on paper but have very little practical impact for most real users, and issues that are genuinely dangerous, like supply-chain attacks or dependency-level compromises. He also complained about papers and vendors doing fearmongering while ignoring the project’s own security guidance, like not dropping your personal agent into a group chat, isolating team agents, and using sandboxing when multiple people can talk to the same agent. His position was not “OpenClaw is safe, stop worrying.” It was more “yes, risks are real, but stop pretending bad deployments and reckless setups are the same thing as the project being inherently broken.”

Then the AMA got into the more direct stuff (This part starts at 2:28:00):

On the “Closed Claw” question, he answered pretty clearly that OpenClaw has to stay open and has to remain model-agnostic. He said he knows people are suspicious because of OpenAI’s history, but he also said he is intentionally bringing in people from many other companies so the project does not look or become controlled by OpenAI.

On local and open models, his position was more nuanced than either side usually makes it sound. He clearly believes users should own their data, and that local-first control is part of the motivation behind OpenClaw. But he also said many smaller local models are still weak in real agent setups, especially when connected to browsers, email, and other powerful tools. So his position was not anti-local model. It was more like: support everything, but do not pretend every model is equally safe.

On where OpenClaw should go next, the most interesting answer was “dreaming.” He described it more like memory consolidation than just adding more context: agents processing what happened, keeping what matters, dropping what does not, and becoming more like long-lived systems instead of stateless chat with hacks layered on top. He also said OpenClaw is getting more pluginized, so memory, wiki, dreaming, and similar systems can become swappable modules instead of one hardcoded design.

On prompt injection, he did not pretend it is solved. His view seemed to be that frontier models are already better than before at recognizing untrusted content from websites and emails, so the old “one malicious paragraph breaks everything” story is less true than it used to be. But he also admitted that sustained attacks are still a real problem, and that the current answer is layered mitigation: model quality, untrusted-content handling, permission boundaries, and trust or reputation systems, not some final clean fix.

On the long-term product vision, he made it pretty clear he does not see the endgame as “an agent in Telegram or Discord.” He wants something more ambient and ubiquitous, closer to a Star Trek-style personal computer you can talk to anywhere, with screens nearby acting as output surfaces, and eventually separate work and personal agents communicating within controlled boundaries. In other words, chat apps are just the current shell, not the final form.

And one of the most useful answers was on what skills still matter for builders. His answer was taste, system design, and the ability to say no. Taste, because AI-generated writing and UI already have a very recognizable synthetic smell. System design, because you can still absolutely build yourself into a corner with generated code. And saying no, because now almost any idea is just one prompt away from existing, so the bottleneck is not whether something can be built, but whether it should be.

Overall, it felt like Peter saying OpenClaw is growing up: the project is getting more independent, more structured, more modular, and also more burdened by the realities of security and maintenance than most people probably realize.

Thats it. Hope this help guys (Notice: I used claw for the summary and edited it myself based on the video. If you don’t like it, go watch the video yourself:)

Been hearing from a few friends that Opus got kinda dumb recently. Didn’t believe it at first, thought it was just prompting issues.

Then I switched back to Opus 4.6 today and tried a super simple task like: don’t trigger task 1 and 4 and it failed like 7–8 times in a row doing exactly that and piss me off....Then I saw people on Claude sub talking about reasoning drops and mythos preview… anyone else noticing this or just me??