AI agents are being touted as the next big thing in the tech scene. They should be able to act independently and automatically. So far, their impact has been limited – and there are good reasons for that. The OpenClaw software has been causing a stir since the beginning of the year and is described by many as the first real AI agent. A commentary analysis.
What is OpenClaw?
- OpenClaw is freely available software that allows users to configure their own AI agents. It was released at the end of 2025 by Austrian developer Peter Steinberger and went viral in early 2026because artificial intelligence can, in principle, act in the same way as a human does in front of a computer. Many therefore refer to OpenClaw as the first true AI agent.
- The autonomous AI assistant runs directly on a local computer and can, depending on the configuration carry out tasks independently. These include: writing and sending messages, managing calendars or retrieving data or sources from the Internet. Users can install additional “skills” that are intended to expand the AI agent’s capabilities. OpenClaw is required for this extensive system rights and access to personal data.
- The biggest risk of OpenClaw lies in its extensive architecture. Through so-called prompt injection, third parties can cause the AI to do so through targeted instructions. ignoring their original rules or security requirements – through seemingly harmless text entries, websites or documents. This industry-wide problem, combined with the agent’s extensive system privileges, represents a huge gateway.
AI Agents: No proof for superintelligence
OpenClaw is undoubtedly impressive. Because the software enables AI agents to not only respond, but to click and act. The tool does tangible for the first timewhich for a long time floated around as big but vague promises through press releases, interviews and panel discussions.
In theory OpenClaw even outshines large corporations like OpenAI or Google when it comes to data protection and privacy. Because: All data is processed locally on end devices instead of ending up in Big Tech’s clouds via programming interfaces.
But this supposed freedom is both a blessing and a curse. On the one hand, because OpenClaw is clearly aimed at a technology-savvy audience in order to explore limits, possibilities and also risks. On the other hand, because the AI agent in layman’s hands the enormous security risk such applications.
In one case, the software is said to have sent around 500 messages to a user’s contacts in an uncontrolled manner. In another case, an OpenClaw agent was apparently instructed to book a restaurant over the Internet. When that didn’t work, the AI is said to have downloaded a voice and called the restaurant.
Both cases show the risks, but are no evidence of an independent intelligenceas it is often portrayed in the media. But: for software that does exactly what you allow it to do – intentionally or unintentionally.
Voices
- OpenClaw developer Peter Steinberger in a video interview: “OpenClaw is like a ghost in front of the computer that can operate the keyboard and mouse. My product can run completely locally. That means: If you want, nothing can be left on the computer.” In a post on
- Security researcher Jamieson O’Reilly describes the advantages and disadvantages of OpenClaw as follows: “Imagine a butler who is brilliant. He manages your calendar, takes care of your messages, knows your passwords. Now imagine you come home – and the front door is open. Your butler lets everyone in and serves tea while a stranger sits in your study and reads your diary.”
- Chris Beyeler, President of the Swiss association swissAIpoints out: “AI can amaze – but it is not a sentient being. If we immediately present every new platform as an independent intelligence, we create unnecessary fears and lose sight of what is important: How do these systems really work, who controls them and what are the actual risks and opportunities.”
AI agents are not yet a safe product
That’s theoretical The potential of AI agents is enormous. You can coordinate appointments, plan trips or research information – without constant questions or copy-and-paste orgies.
However, there are good reasons why an open source project is showing the almost unlimited possibilities of AI agents for the first time Large corporations have so far held back. Because: A data- and security-compliant product for end users is still at least two to three years away.
Even Google and OpenAI have not yet found a solution to this, using existing technological options Fortunately, existing political and legal requirements to bring into harmony.
But OpenClaw also reveals what is possible without revealing personal information to big tech companies. The The path from a hacker toy to a product is still rocky. This would require a user interface that even people without terminal experience can control and understand.
OpenClaw users are therefore first and foremost guinea pigs – partly voluntarily, partly out of ignorance. Although the technology points clearly to the future, it is still on shaky ground. The real question is not whether AI agents will come, but whether we will learn to set limits on them in good time before they politely order us food and then leak our diary.
Also interesting: