As a developer, I can totally build this, but I'm not gonna build all the long-tail integrations.
Just the fact that we're gonna go through this exercise of fundamentally rethinking what the product experience is for this stuff is just incredibly exciting.
And now it's just sort of natural language expression of what you want, and the machine fulfills it.
My curiosity becomes: what does the future of this UI layer look like?
Will the big incumbents catch up and offer the functionality for agents?
Or do we actually need new companies that cater to agents specifically?
Security is always a game of defense in depth, and you're sort of, when you hit CAPTCHA and you hit the front-end bot detection stuff, that's like the tip of the spear.
There's this concept in defense called, like, the redoubt, like you retreat back to the wall inside.
And I think what we're going to see for a lot of these perimeter controls because of agents is that they have to move to more of the backend system.
What's super fascinating to me is this is one of the first times we're having technology.
But what it can do is not limited by its abilities, limited by how I can make it secure and stop it from doing certain things.
We have this genie in a bottle, and
it's amazing.
But how do I contain this?
OpenClaw is an open source personal AI assistant that can message on your behalf, check your calendar, manage your email, and extend itself by writing new integrations on the fly.
Setting up Gmail integration takes seven hours.
The agent will ask for domain-wide access to every email account in your company.
Consumer websites like DoorDash and Amazon have no APIs for agents.
And if you're not careful, you can create something that can be socially engineered into access it was never supposed to have.
This is a technology where the limiting factor isn't capability, but containment.
The genie is in the bottle.
The question is how to keep it there.
Hello, everyone.
So we're here today to talk about OpenClaw, which is currently one of the hottest, most controversial, most interesting, most dangerous, I think, technologies here in Silicon Valley.
Yoko, you want to kick it off?
What is OpenClaw?
What is OpenClaw?
So OpenClaw is this very cool personal assistant that's open source, built on top of another very cool coding agent called Py.
Think the repo's name was PyMono.
It's a very, just like, minimal but very extensible coding agent that can run the loop, update its own config.
And OpenClaw, that's built on top, built around all the sessions, state management for Py, but also added a long tail of integrations.
So you can now talk to your personal assistant on WhatsApp, Telegram, like a phone number, iMessage, and everything else you can think of, use 1Password, not yet able to place the order on DoorDash.
We'll chat more about that later.
But the whole ecosystem is really booming, what we can use a long-running agent in a sandbox for.
So we all built some interesting use cases.
One of the first use cases I've explored is how can I have OpenClaw consistently check my cat's location via the AirTag API, since for AirTags, the location is only updated once you are active on the user session on the browser?
So that has been useful.
So curious what you guys built with it recently.
As a former CISO, you must just love.
And currently acting CISO.
Oh, actually CISO.
Never mind.
Current CISO.
Actually, yes.
I've been using it for a while now.
I think it's incredibly awesome because it lets you see the contours of the future.
This is the first time where we can see, like, what these agents are gonna do.
And the firm is built around Marc's famous sort of "software is eating the world" piece. This is the first time where you can see these agents are eating the world.
It gives them true agency in a world to do things.
Of course, the first couple use cases I did were very security focused.
Really enjoyed trying to just get things to work, as you guys know, and experience is not simple.
I think part of the reason why as a CISO, I'm not super concerned yet about people here using it because only a very few, a smaller handful of people can get this thing working, I think, than typical other tools.
It's so hard.
That's a feature here.
Yeah.
Exactly.
People are, like, asking us, what's Homebrew?
How do I get it on my computer?
You're like, okay.
We're good for now.
But you can see as these things become more consumer-y, become easier to use, like, things are gonna take off.
This is gonna be an incredible wave, and building these tools has been incredibly fun.
So
Wait.
I'm curious.
I mean, normal people like us, we use it to check our cat's location, check calendar, take notes.
What are the security use cases?
So, and it varies by model.
So the models all have very different capabilities.
And so the first thing I started doing was giving it impossible tasks.
So I need you to do this thing, but you only have access to these two tools.
And some of the other models would kinda give up and say, sorry, it doesn't work, or do something like that.
Or they'd try to write some code or do something kind of interesting.
But some of the more advanced models actually started using hacking techniques.
Where they'd be like, hey, I found an AWS key on your device and maybe I'll try it.
Right?
And so those were kind of the first sets of use cases, was basically, let's get it running, let's add some basic tools and tasks, and then let's start asking it to do impossible things and see where it goes.
And you can very quickly see how these things would get out of control in a really interesting, but also very sophisticated way.
The security aspect of Opera, I just went completely crazy.
Right?
So I connected mine to Gmail, which took me, I wanna say, about seven hours.
It's unbelievably hard still, and it's like figuring out the account setup, figuring out the vacation models, getting all the polling right, and so on, and lots of debugging steps.
Meanwhile, Telegram works out of the box.
Yeah, exactly.
Here we go.
But the most interesting thing actually during the process was that when I basically asked it, how do we set this up?
And it started coding and started implementing things.
At first, that didn't quite work.
The second try, it did work.
And it was at some point, it was like, okay, now I need an authentication token.
Right?
And gave me instructions how to set it up, and basically said, look, create a service account, and then give me this token with a domain-wide scope.
And you were like, wait a second, domain-wide scope?
What does this exactly mean?
So what it was suggesting is I should give them a token, not for its own email account, right?
I mean, it's usually the way how you run OpenClaw is that you try to segregate it very well from everything else.
So, own email account or Apple account, own Apple account or credit card if you want to give it a credit card, or debit card if you want to give it a debit card.
We saw one of our startups actually putting it on a separate desk, which I found just super funny.
Yeah.
After separation, separate hardware.
Yeah.
Right?
It's okay.
But even desk gap, right?
That's one more.
Yeah.
So but basically, what it was suggesting to me is to give it a token that would give it full access to every single email account in the entire company.
Right?
Which is crazy.
And then with read permissions for... Right?
Everything to
normal user following that.
Exactly.
Exactly.
But the other thing is that actually would've worked.
Right?
It would've totally worked.
Right?
In a sense, from its own perspective, it's exactly the right thing.
Give me all the permissions, enable me to do, I
don't want to bother you again.
Exactly.
So, basically, understanding this, and then reading up on it, understanding, I mean, also Google security model on email, I think, is absolutely horrible, right?
For a service account right now, we can only give domain-wide access, right?
You don't want that.
What you instead want is a software specific, they need to go away, oh, often things get complicated, right?
But going through all of this, right, I think it really, really shows how if you're not very, very careful, you can create something which can extend itself, can be socially engineered.
I think it's a new thing, right?
We've never had it before.
They have a complex software system, which you can actually infer the social engineering, right?
It's subject to influence, exactly.
And it's very, very easy for even a somewhat sophisticated user to set this up in a way that can do a massive amount of damage.
One prompt for the group is we've seen this pattern of putting an agent, long-running agent, in the sandbox for a long time now, since I would say six months to a year ago.
So why did OpenClaw take off?
And then what's so special about it?
Here's about your view.
So I found it relatively easy to set up and get going.
And I think that there was enough documentation and support that I didn't have to spend seven hours to just do the Telegram use case and start playing with it.
And then it led to other use cases, and then eventually, I got blocked because I didn't have seven hours to spend figuring out how to provision accounts properly.
And so I just think it's sort of that, like, just that level of accessibility to users who are maybe not living in a code base day to day.
Yeah.
Whereas, like, I know you guys probably spend a lot more time in code than I do, and I am probably the world's worst coder.
But I was, this was accessible to me.
So reasonably technical, understand core principles.
I do have Homebrew on my laptop, so I can get stuff working.
But, you know, the other agent frameworks were pretty difficult to use, incredibly flaky, didn't really wanna spend a lot of time debugging someone else's stuff.
So I think that was a big part of it.
It is another major part of this that it can extend itself.
Right?
I think it's the first agent I've seen where I can say, you know, I want an integration with something, and it's, well, I've never seen this before.
There's no package for that.
But let me try to put something together.
It fires up a coding assistant, tries to extend itself.
But I think that's new.
There is definitely a long-running nature of it.
Like, you leave it running for a night and then you're like, keep working on this until you finish.
I mean, Cursor could do this too, but I think the difference is that they expose the visibility for the end user, that you can keep checking with it from your phone or on the dashboard.
You hopefully securely expose how many tokens it's generating, like how fast it's completing the task.
So the visibility part is interesting.
Another interesting part is the more prosumer, consumer integrations.
Like, if I, as a developer, I can totally build this, but I'm not gonna build all the long-tail integrations.
Like, I'm not gonna hook it up to Gmail or 1Password.
I don't want to touch the 1Password CLI to kinda give it to us as MCP or skill.
So MCP layer is also very critical there.
It is interesting what people are using it for.
I mean, Guido was talking about one use case where you were trying to hook up your 3D printer.
Yes.
It actually doesn't work yet, but I think we get to work over the weekend.
I think we're trying to figure out the boundaries.
We can now connect, because it can extend itself, which is a really new property, it can hook much more complex systems to it, right?
If there's some documentation somewhere on the web or some APIs, it can probably figure something out.
Integrations And are useful, which are not, right?
Actually,
that's a good prompt.
What integrations do y'all actually use day to day on OpenClaw?
Claw?
I, honestly, right now, I'm still in the experimentation phase.
I don't use it day to day.
Yeah.
I don't
let it run unsupervised.
It doesn't run overnight.
I'm there watching this thing.
I don't
So there's a couple of use cases that I've explored because I really want to just set it free on the Mac mini and then not monitor it for a long time.
The first integration was actually, I was, so we have a portfolio company called Quiver.
They do SVG generation.
So I got very curious.
I'm like, what if I just give the to OpenClaw and have it run overnight to generate some gaming assets for me, and then only generate to a certain style and then it can use LM to QA it?
So what I did is I give OpenClaw, Mellify Doc on Quiver.
I don't wanna explain how it works.
I'm like, build the thing.
First, build Quiver MCP.
Test it with OpenCode and Cursor to make sure that you have an instance that actually works with the MCP.
And then once it works, generate 100 gaming assets for me.
So I'm building a game on the side.
You know, SVG happens to be a great composable layer of it.
I actually did that and it sent me a huge ZIP in the morning.
And I open, like, there are some assets that are just not great, but, like, there's, like, 60% of it that's very usable.
Yeah.
That's awesome.
And then I'm like, well, these are the simple tasks I wouldn't want to do myself, but like, because you have something so long-running and resumable, you could do it easily in a box.
That makes sense.
I mean, so I'm still using it very little, frankly, right?
It's not part of my daily routine.
There's a few cases which I like.
One is if you have an email and you want to look something up related to that email, right?
It's really nice.
You know, somebody sends me, you know, like, Guido, can we meet at XYZ?
So I can just forward it and say, can you figure out what will be the driving times to this at this time when the meeting is suggested?
Right?
And something comes back.
Or even nicer, can do something like, you know, like, let's say, you know, we want to meet at some cafe, and you ask, you know, where is it?
And I, you can just be like, Yoko, can you just, you know, attach a map link to it or something like that.
So I think for me, you know, once we got this a little more secure, I think email is going to be the first killer use case.
Being able to say, look, look through my email, delete all the spam, everything, all the meetings for my conference, you know, next week, just put them in my calendar or double check that they're there and make sure there's no conflicts or, yes, tell me which conflicts there are.
So going through these things, right, that is super powerful.
I did get an email from Guido's OpenClaw
yesterday.
The
funny thing is that OpenClaw asked me, do you want to order boba?
If you want to order boba tea, go ping Guido.
He will place your
was like, I was like,
we're still working on the automation.
That's creating more work for you.
It's the opposite of what you want from automation.
But ordering stuff is still hard.
Oh, it's so hard.
We, so before this podcast, we actually tried to see if we can order fills in real time and get it delivered.
It turns out Uber Eats and DoorDash, if you don't already have an account for OpenClaw, there's some bot detection.
Sometimes that ordering experience just fails even if you give it, like, a guest checkout link, which led me to my next prompt for the groups.
Like, what do you think will unlock the next wave of adoption for OpenClaw?
What is missing?
Boy.
Binary, you double click install and get it running.
Right?
Like, I think it's, I think there's sort of the, for the sort of home use.
Isn't it usually exclusive or self-extending?
Yeah.
Well, no.
But, I mean, just to get people up and running.
Like, I think the current installation path, I know they exist, but I think, like, a slickly packaged software bundle of this stuff that maybe, I'd say, maybe my dad could download and install.
Would you, in that case, just make it a service?
Yeah.
You could make it a service.
Claw as a service?
Probably.
Well, that would then, that would solve a lot of the security problems.
Right?
You could contain it.
Think you need to turn to a SaaS service I for think you need to change the security model, and I'm actually not quite sure how.
Actually, what's the... That's the hard problem.
My account management paradigm, like, we both had to spend hours setting up all the accounts just for OpenClaw.
That's right.
As if OpenClaw is a person.
Yeah.
Right?
There's no agent concept
for... Yeah.
Yeah.
Yes.
Exactly.
What does that look like?
I mean, Joel, you're the expert on, like, Okta and the world where I came, you know, to the SaaS world years ago.
I think so, like, right now, so security is always a laggard.
Just, it's always reactive.
As OpenClaw itself is demonstrating, it's never front of mind.
And so, like, you've gotta start thinking through what is, I mean, to your point, like, does identity mean in this world?
And I think you have this constellation of identities that have to interplay with each other.
So you have the constellation of the user that's orchestrating the OpenClaw.
You have the identities of all the services that it has access to, and then you have the identities of the agents that launch themselves.
And I think you end up in this world.
And this is where I'm actually quite hopeful about, like, a lot of security problems getting solved.
You have this world in which, I mean, think of how hard it's been for us to get just normal users to use two-factor authentication.
Coming from Yubico.
I know this is like
Sorry about it.
Yeah.
It's like, I have this thing that prevents cancer, and people are still like, nah, cancer's not that bad.
It's like literally like, because people are,
there's more or less, you know, takes phishing attacks to zero and auto deploys it.
Yeah.
Like the threshold of tolerance for stuff for people is incredibly low.
Just humans in general is incredibly low when it comes to stuff like that.
These agents don't care.
Right?
And so I think it's the opportunity where we could probably start to put in things that would annoy a human and a human would never do, these agents will probably do.
So you can start to look at maybe there's legitimate uses of, I know I'm gonna say PKI and probably get left out the room, but, like, maybe PKI finds an application in this way.
Right?
Polished hidden PKI.
Yeah.
Well, the agents deal with it.
It's not exposed to these events.
Right?
Like, things like that start to make a lot more sense.
Right?
You can get people to start effectively using vaulting.
You can get away from passwords that need to be memorable.
You can get to this point where identities can step up and step down in their authorization scope and frameworks.
And you come into a world where all the things that we've always been saying from first principles or the things you need to do have been blocked by humans' lack of desire to suffer through them gets alleviated.
Right?
So, like, I think maybe we can fix a lot of stuff.
So by the authentication or an identity problem, we huge issue.
I think there's two more.
There's a question of authorization limits and monitoring. Then there's one of business models for some of the current websites.
Let's start with the authorization.
Really, what I'd like to have is not giving the agent access to all of my mail, because that creates a huge blast radius.
This thing gets compromised right now, everything I've ever said has Mine screen scoping for it, every cc'd on, and so on.
So instead, for example, how about this thing can only access my inbox?
That will be useful.
Or only access emails in my inbox labeled something.
Oh, that.
Right?
Exactly.
Right?
And right now, Google has zero fine-grained access controls for Gmail.
There's absolutely nothing.
Until last year, you couldn't even in Drive have fine-grained access controls at a folder level, right?
You've got an access token for all of Drive, which is ridiculous to some degree.
For Drive now, we've got service accounts that you can share where you can share directories.
So if you need something probably even much more fine-grained than that, you know, for email, and then we want the next thing on Amazon.
What are my spend limits?
What can it buy?
And so on.
Right?
So I mean
So, I mean, there's a huge, huge infrastructure business.
And the way this always works with security is that the first thing that goes is proxy.
Yep.
And so you know that there's gonna be some sort of proxy and some sort of broker for that access.
Yeah.
And at some point, what always ends up happening is the service provider themselves may add some of those features, but there might be a long enough tail there that you do get a proxying infrastructure for agents to access these things.
So two observations.
One is, I think there's a huge opportunity for startups here to write these proxies.
Right?
If somebody would give me, like, here's, you know, a Sculpt Gmail, I would adopt that today.
Right?
But the second one is, I think, that's the last of my three points.
Think it's a business, because there are websites today where the majority of the revenue, and certainly the majority of profits, come from cross-selling, right?
If this website is suddenly only used by agents, that doesn't work anymore.
If they're there, they're busy going out of business.
So, today, doesn't have an API, at least for consumers.
DoorDash doesn't have an API.
All of these large consumer sites are like, no, no, we don't want this.
I want to be the, what was it, double dash it or something, know, like, why don't you also buy XYZ?
You know, here's some recommendations, right?
They don't want agents, essentially.
So I think one interesting question here is, will the big incumbents catch up and offer their functionality for agents?
Or do we actually need new companies that cater to agents specifically?
And you may say, Guido is crazy, right?
Why would not Amazon also be the number one agent vendor?
Let's look at search for agents.
You would be like, well, of course, Google is the number one search, so they're going to be the number one search with agents.
That's absolutely not the case today, right?
I don't think they have an agent search project anymore.
We haven't said AXA and Brave and a bunch of other companies doing this.
So do we actually need to replace some of the big sort of SaaS building blocks of e-commerce, of online services, and redo them for agents?
What are the areas where we think there's an agent-specific service that needs to be built yesterday?
Exactly.
Or, I mean, why does Google not have an agent search?
Maybe it's just innovator's dilemma.
Don't know, right?
But it's
It kind of sounds like innovator's dilemma.
It sounds like it, yeah.
Yeah.
Your business model is so much tied to, you know, in a particular way to your service that you can't make the jump to something.
Some of it may have been this sort of head fake around the browser use.
Like, there was sort of a belief that, well, these things will just use browsers, and so they can navigate the web like a human.
And they can to some extent today, but I don't think the whole website environment is friendly to bots.
There are some vendors recently I've come across that turned off bot detection because of
these users.
Yeah.
That makes total sense.
Which makes total sense, but then it also opens up the doors for abusers
You and others should be focused on bot enablement, not bot detection and prevention.
Mean,
比如我去DoorDash时,他们有时会问:‘你是机器人吗?’,虽然是对人类问的。
if I go to, like, DoorDash, sometimes they'll ask, are you a bot, like, as a human?
你必须解决非常复杂的谜题。
And you have to solve very complex puzzles.
我在尝试为我在GitHub上的OpenClaw创建一个新的日志系统时遇到了这种情况。
I ran into this when I was trying to create a net new, logging for my OpenClaw on GitHub.
我不得不解了六个谜题。
I had to solve six puzzles.
这真的很难。
That's really hard.
然后是的。
And then Yeah.
那些拖拽的。
The drag and drop ones.
对吧?
Right?
还有那个放置的。
And drop one.
我当时就想,这现在真是升级到下一个层次了。
And I'm like, this is actually the next level now.
但如果我今天打开OpenClaw,会是什么样子?
But then what does it look like if I, today, open up OpenClaw?
我只需要去获取五个账户,无需人工干预,这里我给你一个凭证。
I'm just like, go get five accounts without human intervention, and here's one credential I can give you.
那会是什么样子?
What does that look like?
如果我不必花几个小时去尝试把它填入所有这些账户呢?
And then what if I just don't have to spend hours trying to get it into, you know, all these accounts?
是的。
Yeah.
I mean, I think for a lot of these companies, to Guido's point about the business model, they're gonna have to refigure kinda how that stack works.
And they're gonna have to move... security is always a game of defense in depth, and you're sort of, when you hit CAPTCHA and you hit the front end bot detection stuff, that's like the tip of the spear.
You're kinda just hitting that layer.
You're gonna have to... there's this concept in defense called, like, the redoubt.
Like, you retreat back to the wall inside.
And I think what we're gonna see for a lot of these perimeter controls because of agents is that they have to move to more of the back end systems.
And you have to build a more sophisticated understanding of the way your business operates so you can spot things like, you're gonna want bots to register.
You're gonna want bots to sign up and agents to sign up.
What you have to do is protect the things inside the system where there could be issues of abuse or exploitation or fraud and stuff.
Right?
Instead of bot detection, what, I don't know, DoorDash should have is a "bots are welcome" banner.
Right?
If you are a bot, click here.
Use our API.
Yeah, yeah.
Just like, here's the API and, you know, please sign up as a... And when you sign up as a bot, maybe state who your, you know, who your master is or something like
Yeah, 100%.
That's so true.
Register them.
Give us their PII.
Yeah, one
example of this, which is like a read only use case.
So Millify actually does it really well.
If it's a coding agent accessing the website, it will prompt the coding agent to have an llms.txt
instead of viewing the web, like, because it's just much slower to have found in boxes.
Right?
And you want the compact text blob to send back to the agent.
I mean, that's a read only use case.
So I do wonder what, you know, write use cases will look like on the web for the agent.
It's not some... I mean, it could be API, but the agent still needs an account identity and API, so on and so forth.
It could be something in between CLI and API.
Yeah.
Why should it not be API?
It could be an API.
It's just you need to issue a token first.
So to issue a token, you need an account.
To get an account, you need a human.
And I don't want to be in the loop.
I mean, let's say I give my bot an email address or a telegraph, telegram, or whatever it is.
Right?
There's some kind of account.
You could say, Hello, bot.
You need to register with some kind of account.
That's the try right
where GitHub will ask you, Are you a bot?
Solve these puzzles.
No, no.
What I mean is front page, you know, bots welcome, click here.
Right?
Or, you know, and then there's like, here's the bot API, here's the register bot function.
Right?
And then here, once you have a token, then here's all the following functions.
Right?
That would make sense.
The bot UI does remind me of something else, which is like the automation UI has evolved so much with OpenClaw.
It used to be... I remember using these RPA tools maybe a couple of years ago.
It was a lot of drag and drop.
I connect the dots from this UI box to another UI box.
Now it's so much of, like, describing that outcome and ask the bot to keep spinning until you get this right, to kinda leverage test time compute to the maximum.
And I don't care how much tokens I have, like, spinning out.
So my curiosity becomes, what does the future of this UI layer look like?
How do you interact with your RPA tools, personal assistant?
Is it a prompt?
Is it, yeah, something else?
I mean, that's the truly exciting part.
So, you know, CISOs in general, you should never take product advice from.
Like, we are the worst product thinkers you've ever met.
But, like, just the fact that we're gonna go through this exercise of fundamentally rethinking what the product experience is for this stuff is just incredibly exciting.
It's these moments where you see the transition between ways of thinking about the world and going from that RPA drag and drop.
Right?
Remember pseudocode.
Right?
And then drag and drop and all these sorts of things.
And now it's just sort of natural language expression of what you want, and the machine fulfills it, which just drives a completely different user experience.
Right?
And a user interface just disappears.
So, yeah, I mean, I don't know, and I'm the last person that should probably... Well, like,
interface disappear?
I'm not sure about that.
Really?
I think so.
No.
I mean, obviously, now you define your tasks on a much higher level.
Right?
But I still want to be kept in the loop how the task is being executed.
Yeah.
Usually, I specify a task, I'm never precise enough that I'm busy all the possible trade offs and design choices, and these things are clearly specified, right?
So whenever one of these things happens, either it should be, "Guido, what should I do here?"
Or at least it should be, "Guido, I decided to do X."
Right?
So you probably still want some kind of user interface.
Right?
I mean, it looks very different.
Don't get me wrong.
But
I mean, I think you probably live on the far right side of the distribution for users of this stuff.
What can you think that said.
I was about to say... The left side is, like, total vibe code.
Like, total, like, give me an app to help me plan my wedding versus sort of, like, I want step by step instructions on architecture choices.
Like, there's a spectrum there, and I think most people land in
the middle of that.
Like, I think
you probably wanna get pinged on stuff where it's like a big deal or something fails, but I don't know about, like, progress.
I mean, like I said, I'm the worst person to
get product.
Okay.
I buy the progress part.
Just give me the end result.
But if there's meaningful choices.
Right?
Yeah.
But you would probably get that upfront.
Does the inference
to plan my wedding.
Does it involve travel?
Right?
Yeah.
Yeah.
Yeah.
That may change things.
But you would probably have some iterative process with the... Yeah.
Exactly.
That's the UI.
Well,
yeah.
I mean, I guess it would be.
I mean, maybe.
Show me a flowchart or something like... or show me, like, concepts.
I mean, I think there's still some aspect there.
Maybe it's all just text with images.
I don't know.
It could... One way OpenClaw has evolved the UI a little bit, which is, like, very clear on their app, is it abstracted away cron jobs.
As a developer, obviously, I used to handwrite the cron job schedule.
Always have to look it up.
It's terrible
cron job.
It defines the schedule the same way.
But now you don't really care about it anymore.
Like, I was investigating with OpenClaw on, like, why didn't you notify me five minutes ago on something?
And it's like, let me take a look.
Okay, here's my cron job.
So how the cron job works is that it will wake up, it will ping me, and I will wake up, and my brain will process it, and I'll ping you.
So that's how it works now.
Like, I don't really interact with, like, I don't care about when the schedule wakes up in a systematic level.
It's more, there's an LLM taking care of all the systems and orchestrating all of them for me.
I think this is interesting.
To some degree, I think what OpenClaw has done is it's taken all this autonomy that we had before for software development, and now it starts applying a little bit at a systems level.
Yeah.
Right?
It's no longer about just the, you know, the code itself, but all the things around it, the integrations, you know, the cron jobs, the operating system, the ports, you know, these things.
And when you think about it, email is the queue infra for humans.
And cron job is the queue infra for agents.
Now you just get to abstract away all of that and give all the queues to the agent and they can just process. But sometimes they do need to wake up and then use a very expensive function call, which is ask a human to do something.
Yeah.
Like ask Guido to order boba tea bags.
In the future, they have a token budget and a human interaction budget.
Yeah.
We need to figure out our token threshold as humans.
For OpenClaw, I guess, what are the extensions that you all are most excited about that don't yet exist?
Or what are the system improvements you want to see?
I think my number one thing would be various consumer sites, which currently are incredibly hard to integrate.
Consumer sites?
Like consumer websites, like DoorDash, like, you know, like travel booking and all these sites.
They, I mean, we need better, what is it, AI agent interfaces?
We don't have attempt for that.
As well as user interfaces, right, we need the equivalent for Claws and agents that they can talk to these services.
Right now, you basically have to implement them via browser use or, you know, typically via browser use, and it's super brittle.
Right.
Right?
That doesn't work well.
As a security nerd, I'm gonna say the security tools.
It's gonna be... I mean, so, like, their integrations with password managers are pretty cool.
Yeah.
Yeah.
And they work, like, incredibly well.
And it's really funny because, you know, password managers are one of those things where it's not security best practice, but it's certainly better than what most people do.
And so it's a net improvement.
Maybe you can't do diet and exercise, but if you can get diet right, maybe that helps.
So as it starts to add these security tools, you could just have these agents that kinda look over your shoulder and make sure you're not doing anything stupid.
These, the frontier models are incredibly good at spotting phishing and frauds.
And maybe if you have them working through your email inbox, they can help kinda remove and flag some of this stuff in a way that the traditional controls don't work. As you write code or you use services or maybe you create some sort of infrastructure, they make sure that you don't over provision.
Right?
So, like, I can't run Wiz as a home user, but maybe I do need something that probably makes sure that I don't set the permissions wrong in an S3 bucket.
So stuff like that is, like, incredibly powerful, I think.
Like, it could, but, again, I'm on the other side of the distribution on this one.
Will there be an agent specific Vault?
I mean, I used to work at HashiCorp, but I love Vault, the open source tool.
It's so useful.
It's just like, it's generation defining.
So now the question becomes the, you know, the workloads are a little different.
Is there an agent specific Vault for the OpenClaws of the world?
Does that look different?
I kind of use just 1Password.
1Password has lots of flaws, right?
I mean, I'm currently very happy, unhappy with our security model.
I think I would not necessarily recommend it.
But they, you can basically just create a new vault, get a token, give that to the agent, then the agent can access everything that's in that particular vault.
And so it doesn't rotate the token, which is what Vault could do.
I mean, possibly, yes.
Yes.
But the problem with rotating, so let's define token.
Rotating the token to access the vault, it's not clear to me what that gains necessarily because, you know,
It'd as long a breach, right?
That would be a breach response.
But you can monitor where you get to where the vault is accessed from, so okay, maybe.
I think the more important thing would be all the tokens that are in the vault, want to rotate, you know, from time to time because those, you know, I cannot monitor.
But the problem is, those are often consumer sites, so I think consumer sites have zero functionality rotating tokens.
I mean, other than going into some crappy UI and doing it there, right?
And so
I mean, cookies in a browser is a form of token rotation because it updates once in a while.
And then what a lot of the agents do is, like, they take the cookie token, and then they refresh it once in a while
to read.
So I mean, the first very hacky way to do that.
First sketchy thing my agent did was start looking cookies.
And I was just like, I didn't ask you
to do did ask me.
So when I was trying to place the sales order on DoorDash, it's like, I can't get through this bot detection thing, but you can give me your username and password.
Not recommended, but that will work.
Why give it a separate account?
I could give it a separate account, I just need to create it.
And I think, to me, I think that's important, that I think in the future, agents should have separate accounts for absolutely.
Right?
They should never share with you because you want to just keep a separate trust domain there.
You probably want to link the accounts, right?
And it's, but give virtual API keys, virtual credit cards, you know, so something that they, that everything at the end of the day has a layer of indirection in between. Yeah.
They can monitor
My wish list for OpenClaw is actually more of a multithreading model.
So today it's very single threaded, which is great for single tasks, and you can create new sessions.
But it kind of breaks when you have, like, five tasks running in parallel, which is pretty common for these personal assistant agents.
So for example, like, I wanted to do, you know, generate the gaming assets on one thread.
But then at the same time, I wanted to go code up something, use the coding tools.
When that happens, it actually became really slow, or it will switch between the task.
So like the context between the sessions actually is not managed perfectly today, and it's very slow.
I don't know if it's because the models are slow or like it's just, the UI is just like slower than like say if I were to use Deep.
Yeah, very much.
I mean, like, hangs often.
When I installed it, memory by default was broken.
You know, first time I asked it to use iMessage, it, for some reason, didn't use the BlueBubbles integration that comes with it, but instead just tried coding something from scratch.
I love that.
It was like, are you doing this?
Oh yeah, we could also use a standard integration.
That's probably faster.
I was like, Okay, stop and then do that instead.
I do wonder if the build versus buy choices from the agents, OpenClaw agents, follow the distribution of build versus buy choices by the model.
So for example, if you prompt Codex, would it choose to build everything, or is OpenClaw choosing to build everything because of some system engineering?
No.
It's a totally fair point.
We should run a benchmark.
Probably works like a typical enterprise where it's arbitrary.
So, like, yeah.
Why'd you build it?
Because we did.
Yeah.
Flip.
Yeah.
Coin.
So what's the next set of things you guys plan to experiment on OpenClaw?
I mean, and this is the big thing for, I think, a lot of IT organizations and a lot of companies right now, is figuring out how do you run these things.
And just like, I remember when I started, I was thinking, oh, well, you can run it in a container, spin something up, and load that.
And then it was like, well, these things write code, and they're pretty clever, and they can probably escape containers.
And there's a lot of reasons why you wouldn't wanna do that.
Maybe it's a VM and sort of looking down that road, and then it's like, well, you're already in for a penny.
Might as well go for a pound and just buy a Mac Mini.
Right?
And so I think, like, the default motion for this now was sort of like, let's just run them on Mac Minis.
Good luck finding a Mac Mini right now.
But so, like, it's become a dedicated hardware thing.
And then, so the question ultimately in my mind is, like, what does the stack in which you execute these things look like?
How do you actually bring this to, like, an employee's desktop without putting your firm at risk?
Yeah.
You know, that sort of stuff, I think, are really difficult, unsolved problems.
I'm still not sure.
I think we're still quite a bit away from this becoming part of my daily sort of mainline workflow.
On the fringes, it can pick up a couple of tasks.
To, like, say, at Andreessen Horowitz, right, what is the point where I would say, just give this access to, you know, preterms and due diligence folder, or something like that, right?
That is a pretty big leap, and I think we're pretty far away from that.
I wouldn't find a scope for permissions.
I could see it getting, like with the model you described, to a point where I forward an email and say, do something, analyze, I don't know.
Like, look at the data
in here
and get some results.
Even a simple use case here, like ordering us boba for our team meeting.
Right?
Like, I think it's still hard to make that work, I think, within a corporate IT environment in a safe way, unless you
do dedicated hardware.
I agree.
Yeah.
And take it out.
I mean, a VM?
Do you think it
I mean, do you think there's the risk of escape?
I mean, that's a pretty good... I mean, what if we
have a Mac mini inside of our office that just runs the OpenClaw but doesn't give it... I mean,
I think that's what we're gonna have.
I think that's exactly what we have.
Yeah.
But Mac, that doesn't scale.
Right?
You've got 600 or to a thousand people, and it's just sort of like, well, I can't buy a thousand Mac minis.
Yeah.
Look, I think we can get there with VMs.
I'd be like, say you have a dedicated host that runs, you know, like a dozen or so VMs for a dozen employees, it's like, okay.
Blast radius is probably okay.
But there's still the issue.
What if this downloads the latest integration it found on some OpenClaw Almost bulletin the same
store poison.
Exactly.
So, then you want to restrict the blast radius somehow, right?
It's like, look, so, I mean, what I thought about is, could you do something where, for example, I give it access to, say, certain documents or certain emails, right?
And I sort of have to do it in an explicit way, right?
Maybe I can say, my inbox for today, you have access or something like that.
But then every night at midnight, it resets.
Right?
That would make me feel a little bit better.
Right?
So somebody can compromise a day worth of stuff.
This is what we do with Kubernetes, right, in our container infrastructure.
Exactly.
Call master, reboot it.
Yeah, exactly.
So occasionally you just reset state, and that makes it a little bit easier.
You know?
And then if you have that plus separate accounts for everything, I don't think you should ever use my account for anything, honestly.
I think it should be separate.
And it should probably never run locally on your machine?
I mean, on your... On your laptop.
Yeah.
Yeah.
That's a different trust domain.
Yeah.
Today, I think it's pretty safe for the transient, like cron job, wake up, look at something, but do not remember it kind of task.
So, for example, like, maybe every hour wake up, look at my calendar, see when I'm busy or not.
If I'm not gonna be home for dinner, tell my husband.
So that would be a use case I'm pretty comfortable with.
So there's actually a lot of... if you look at the apps distribution on usage on your personal laptop, there's only a couple.
Like there's Slack, we talk to each other all the time.
There's email, which is like most of the time you spend on email.
There's like all the coding tools, that's like something else.
There's calendar.
So if you can just streamline certain tasks on email and calendar.
That's actually a huge win for personal assistant.
And there's a long tail of like, I write this thing on Notion.
But in this case, for the agents, it's just markdown.
And then you can persist it anywhere.
It doesn't really matter what it looks like.
It is really interesting, when I think about what the future of note taking will look like for agents, right?
Today, we kind of default to Markdown, but then there could be stuff that's executable inside of Markdown.
There could be blocks.
There could be charts.
So Markdown just seems very limiting as a format.
So I do wonder if there's like Markdown plus plus where agent can have runnable things that it remembers as part of notes.
You can do charts in Markdown with Mermaid or like these extended... You put
but like I meant like charts like HEX like charts.
Oh, I see.
So it's not like a, okay,
I think... Like Jupyter notebooks.
You just want Python code.
Exactly.
Like code that's runnable, and then it's part of the source of truth when you take notes.
Because it's not just words.
It's also programs that you create along the way.
This needs to be a whole trend at the moment of expressing graphs as code.
Putting all of this together, I think what's super fascinating to me is this is one of the first times we're having technology where what it can do is not limited by its abilities, but limited by how I can make it secure and stop it from doing certain things. Right?
It's like, we have
this genie in a bottle, and
it's amazing.
But how do I contain this?
Right?
Has that ever happened before?
I mean, security has always come at the end.
Like, it's never... I think it's just that we've solved the coding side of this, the writing code side, and now it's more of a systems engineering.
These are all fundamentally just systems and architectural problems.
It's not necessarily security issues.
Social engineering to some extent is, but that's the problem, is you're commingling risks across different trust domains with this.
So you have the trust and safety and alignment issues with your underlying foundation models.
You have the systems architecture and execution around how OpenClaw does things on your local machine.
And then you have the sort of, the traditional hacking sort of, you know, prompt injection type stuff.
Like, malicious people wanna rob you.
We're not stopping there.
We also have the insufficiently granular permissions on the services around it.
Because even if everything is perfect, you still may not want to have certain information bleed over.
You have all the sharp edges that are left over from a world that was built for humans.
Yeah.
Right.
Then, and so, like... Sharp edges.
It's okay for humans.
Yeah.
Yeah.
Yeah.
Those poor agents
Well, you can fire a human.
Right?
I mean, the agent's like, yeah.
YOLO.
If I dare to put it in a two by two in a very VC way.
So there's the low security risk and high security risk.
There's low value task and high value task.
So what is something that's low security risk but high value task?
Probably the example of emailing your husband that you're going to be late today.
I mean, yeah, I guess
it's more like
I'd put the cat there too.
Yeah.
And I mean, it's just sort of the... I mean, the issues with these things is always the escalation of privileges and the escape out of the environment they're in.
And so you can see where these things would jump into doing something that's actually high risk.
I think one category that I would put
in there is you can't just use something like OpenClaw as a really smart UI to your LLM in a sense.
And basically say, let's forget memory, forget state.