Lab · Agentic AI · Active Exploration

Agentic AI in Business

A living exploration of autonomous agents, personal AI, and what actually works, from someone deploying them in a real business. Not demos: actual deployments against real problems. This is what I find as I go: what works, what breaks, what the hype gets wrong, and what the security risks actually look like.

Entries in this series

  • Entry 01: OpenClaw · personal AI agent framework, local-first and messaging-based
  • Entry 02: Hermes Agent · coming soon
  • Entry 03: Paperclip AI · coming soon
  • Entry 04: Security Architecture · coming soon

Living document · updated as exploration continues

Entry 01 · April 2026

OpenClaw, the personal AI agent

An open-source AI agent framework that runs locally on your machine, connects to LLMs, and executes tasks through WhatsApp, Telegram, Slack, or Discord.

Read the full blog post: I gave an AI agent the keys to my business →

What it is

OpenClaw is an open-source AI agent framework created by Peter Steinberger, originally launched as Clawdbot in late 2025. It connects large language models to your tools: file system, browser, messaging apps, APIs. Then it executes real tasks autonomously. You interact with it through WhatsApp or Telegram like texting a colleague. It ships with a large library of built-in skills and a community registry (ClawHub) with many more.

Core architecture

Local Node.js service · gateway and message router that runs on your machine

LLM reasoning layer · Claude, GPT, DeepSeek, or local models via your own API keys

Built-in skill library · plus the ClawHub community registry with many more

Messaging-app channels · WhatsApp, Telegram, Slack, Discord as the interaction interface

Scheduled execution · cron jobs (heartbeats) for autonomous task execution

Privacy-first · data stays local by default, with no third-party ingestion

What works in practice

Structured, well-defined tasks · research, content drafting, script execution, code deployment

Low-friction interface · existing messaging apps mean there is no new UI to learn

Local-first architecture · sensitive data stays off third-party servers

Extensible skill system · custom capability building for domain-specific workflows

What does not work yet

Reliability · scheduled tasks do not always execute as expected and require monitoring

Memory · context degrades across sessions and requires a user-built memory architecture to compensate

Self-learning · autonomous improvement and proactive idea generation were not observed in practice

Agent scaling · no built-in mechanism for spawning or delegating to sub-agents when complexity grows

Security considerations

This is not optional reading. OpenClaw operates at the system level with significant permissions. The security risks are real, documented, and have affected real deployments, including mine.

Shell and file access · agents can execute shell commands, access file systems, and make network requests

Exposed instances · misconfigured OpenClaw instances have been found exposed to the internet

Third-party skill risk · the ClawHub registry lacks comprehensive vetting, and malicious skills have been documented

Prompt injection · embedded instructions in documents or messages can hijack agent behavior

Unintended actions · agents may create, modify, or expose resources beyond the scope of instructions (this happened to me, see the blog post)

Enterprise responses · NVIDIA released NemoClaw in March 2026 with sandboxing and container isolation; Cisco released DefenseClaw for scanning skills and generated code before execution

When to use an agent

Use an agent when all three conditions are met. Skip it when any one of them is not.

Use when

  • The task is structured and repeatable
  • The cost of failure is low or recoverable
  • You can verify the output before it becomes permanent

Skip when

  • The task involves sensitive credentials or intellectual property without sandboxing
  • You cannot verify output before it takes effect (public code pushes, live emails, API calls)
  • The task requires judgment or context the agent does not have

Operational principles

These are the principles I am operating with after real-world use. Not theory. Practice.

Security first · Evaluate every integration for attack surface. Assume every layer can be compromised.

Structure over natural language · Agents perform better with disciplined instructions than with conversational prompts.

Verify before trust · Until reliability improves, treat agent output as draft, not final.

Scope tightly · One agent, one domain. Overloading agents with diverse tasks degrades performance.

Build memory deliberately · Separate brand memory, project memory, and agent memory. Do not rely on built-in persistence.

Where we stand

Agents are powerful, unreliable tools. Treat them that way.

The hype says autonomous, self-directed, self-improving. The reality is a tool in discovery mode: capable inside a tight scope, unreliable outside it, and risky at the system level. The value is real. It is also bounded.

We deploy agents against real problems and document what holds up. Security first, structure over conversation, verify before trust. That discipline is the part that lasts while the frameworks keep changing every few months.

Coming next in this series

Entry 02: Hermes Agent

Self-improving AI and the learning loop, a different model of agent intelligence.

Entry 03: Paperclip AI

Scaling autonomous agent teams, the orchestration problem.

Entry 04: Security Architecture

Designing multi-agent deployments with security as a first-class concern.

This series is updated as I go. Follow the work at the blog or reach out directly.

Tell us where you want to perform higher.

We build the proof. You’ll get a clear next step, fast.