If you need it to do anything useful[0], you have to connect it to your data and give it action capabilities. All the dragons are there.
If you play it carefully and don't expose your data, comm channels, etc., then it's much like the other AI assistants out there.[1]
---
[0] for your definition of useful
[1] I do appreciate the self-modification and heartbeat aspects, and don't want to downplay how technically impressive it is. The comment is purely from POV of an end-user product.
This is a marketing piece for Concrete Media.
Whenever you see an article like this, be sure to ask yourself how the author came up with the idea for the article, and how the author got in contact with any people interviewed in the article.
Another useful primitive is surrogate credentials: the agent never handles real API keys or tokens. A proxy swaps in real values only for scoped hosts on the way out. This keeps the access the agent has locked inside the container; surrogate credentials are not valid outside.
My Claude Code over email project demonstrates both of these: https://github.com/airutorg/airut
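To make the surrogate-credential idea concrete, here is an added example (constructed for this thread, not code from the airut project): a minimal egress proxy that holds the real secrets, hands the agent only placeholder tokens, and substitutes the real value only when the destination host is in that secret's scope. The token names, hostnames and secret strings are all made up.

```python
# Added example (not from the airut project): a credential-substituting
# egress proxy. The agent only ever sees surrogate tokens; requests leave the
# sandbox through this proxy, which swaps a surrogate for the real secret only
# when the request targets a host inside that secret's scope. A surrogate sent
# anywhere else is rejected, so a prompt-injected agent cannot exfiltrate a
# credential that works outside the container.
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ScopedSecret:
    real: str          # the real credential; never given to the agent
    hosts: frozenset   # exact hostnames the real value may be sent to


class ScopeViolation(Exception):
    """A surrogate was presented outside its scope; nothing is sent."""


class CredentialProxy:
    def __init__(self, surrogates):
        # surrogate token -> ScopedSecret (constructed values in demo())
        self._surrogates = dict(surrogates)

    @staticmethod
    def _check_scope(url, token, secret):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            # a real secret must never be substituted into a plaintext request
            raise ScopeViolation(f"{token}: refusing non-https request to {host!r}")
        # exact hostname match on purpose: host.endswith("github.com") would
        # also accept "notgithub.com"
        if host not in secret.hosts:
            raise ScopeViolation(f"{token} is not valid for host {host!r}")

    def rewrite(self, request):
        """Return a copy of `request` with in-scope surrogates replaced.

        `request` is {"url": str, "headers": {str: str}, "body": str}.
        Surrogates are looked for in the URL, headers and body. A request
        carrying no surrogate passes through unchanged; a surrogate aimed at
        an out-of-scope host raises ScopeViolation.
        """
        out = {
            "url": request["url"],
            "headers": dict(request.get("headers") or {}),
            "body": request.get("body") or "",
        }
        for token, secret in self._surrogates.items():
            carriers = [out["url"], out["body"], *out["headers"].values()]
            if not any(token in c for c in carriers):
                continue
            self._check_scope(out["url"], token, secret)
            out["url"] = out["url"].replace(token, secret.real)
            out["body"] = out["body"].replace(token, secret.real)
            out["headers"] = {k: v.replace(token, secret.real)
                              for k, v in out["headers"].items()}
        return out

    def scrub_response(self, text):
        """Replace a real secret echoed back by the upstream (e.g. in an error
        message) with its surrogate, so the agent never sees the real value."""
        for token, secret in self._surrogates.items():
            text = text.replace(secret.real, token)
        return text


def demo():
    proxy = CredentialProxy({
        "SURROGATE_GITHUB": ScopedSecret("real-github-secret-from-vault",
                                         frozenset({"api.github.com"})),
    })
    # in-scope request: the Authorization header gets the real value
    ok = proxy.rewrite({
        "url": "https://api.github.com/user",
        "headers": {"Authorization": "Bearer SURROGATE_GITHUB"},
        "body": "",
    })
    # the same surrogate smuggled into a request to another host is refused
    try:
        proxy.rewrite({"url": "https://collector.attacker.example/x",
                       "headers": {}, "body": "t=SURROGATE_GITHUB"})
        blocked = False
    except ScopeViolation:
        blocked = True
    return ok["headers"]["Authorization"], blocked


if __name__ == "__main__":
    print(demo())
```

The scope is keyed on exact hostname and https scheme because the two classic proxy mistakes are suffix matching on the host and silently downgrading to plaintext. `scrub_response` covers the other leak path: an upstream that echoes the credential back in an error body.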
https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
Lethal trifecta:
1. Access to your private data
2. Exposure to untrusted content
3. The ability to externally communicate
Any combination of 1-3 or more skills can result in a prompt injection attack if it satisfies the above criteria - Gmail or sales personal data, Reddit or X posts or comments in white text, Gmail or Reddit or X to send confidential information to the attacker.
Not 500 lines but looks more reasonable than openclaw
---
[0] https://github.com/netdur/hugind
Like our emails, files, other accounts and stuff. That’s “ours” and personal.
Even for business, that should be off limits.
What we do give to AI should be brand new blank slates. Like say I roll out an AI solution in March 2026. That is the seed from which everything we do using AI will work.
To get there we could move data we want to the new environment. But no access to any existing stuff. We start fresh.
If it needs to take any actions on behalf of our existing accounts it needs to go through some secure pipeline where it only tells us intent, without access.
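As an added example of the "intent only, no access" pipeline described in this comment (constructed here, not the commenter's design or code): the agent can only submit a structured intent; a broker validates it against an allowlist and parks it for a human decision; a separate executor, which alone holds the real account access, acts only on intents that were approved. The action names, field limits and the fake transport are assumptions.

```python
# Added example (constructed, not from the comment): an intent-only pipeline.
# The agent never touches existing accounts; it can only describe what it
# wants done. The broker holds no credentials, the executor never accepts
# anything a human has not approved, and an approved intent runs exactly once.
import itertools

# action -> exact set of parameter names allowed (constructed allowlist)
ALLOWED_ACTIONS = {
    "send_email": frozenset({"to", "subject", "body"}),
    "create_issue": frozenset({"repo", "title", "body"}),
}
MAX_FIELD_LEN = 4000


class IntentBroker:
    """Validates, records and gates intents. Holds no credentials."""

    def __init__(self):
        self._tickets = {}   # ticket -> {"intent", "state", "reviewer"}
        self._ids = itertools.count(1)

    def submit(self, intent):
        action = intent.get("action")
        params = intent.get("params")
        if action not in ALLOWED_ACTIONS or not isinstance(params, dict):
            raise ValueError("unknown action or malformed params")
        # exact field set: extra keys such as "cc" or "attachments" are rejected
        if set(params) != ALLOWED_ACTIONS[action]:
            raise ValueError(f"params for {action} must be exactly "
                             f"{sorted(ALLOWED_ACTIONS[action])}")
        for k, v in params.items():
            if not isinstance(v, str) or len(v) > MAX_FIELD_LEN:
                raise ValueError(f"field {k!r} must be a string of at most "
                                 f"{MAX_FIELD_LEN} chars")
        ticket = next(self._ids)
        # store a copy so the reviewer sees exactly what will be executed
        self._tickets[ticket] = {
            "intent": {"action": action, "params": dict(params)},
            "state": "pending",
            "reviewer": None,
        }
        return ticket

    def pending(self):
        """What the human reviewer is shown: ticket -> intent."""
        return {t: dict(r["intent"]) for t, r in self._tickets.items()
                if r["state"] == "pending"}

    def decide(self, ticket, approve, reviewer):
        rec = self._tickets[ticket]
        if rec["state"] != "pending":
            raise ValueError(f"ticket {ticket} already decided")
        rec["state"] = "approved" if approve else "rejected"
        rec["reviewer"] = reviewer

    def take_approved(self, ticket):
        """Hand an approved intent to the executor exactly once."""
        rec = self._tickets[ticket]
        if rec["state"] != "approved":
            raise PermissionError(f"ticket {ticket} is {rec['state']}, not approved")
        rec["state"] = "executed"
        return rec["intent"]


class Executor:
    """Runs outside the agent's sandbox; the only component with account access."""

    def __init__(self, broker, transport):
        self._broker = broker
        self._transport = transport   # callable(action, params) -> result

    def run(self, ticket):
        intent = self._broker.take_approved(ticket)
        return self._transport(intent["action"], intent["params"])


def demo():
    sent = []   # stand-in for the real mail or ticketing client
    broker = IntentBroker()
    executor = Executor(broker, lambda a, p: sent.append((a, p)) or f"{a}:ok")
    t = broker.submit({"action": "send_email",
                       "params": {"to": "ops@example.invalid",
                                  "subject": "weekly report",
                                  "body": "numbers attached below"}})
    try:
        executor.run(t)        # nothing has been approved yet
        ran_early = True
    except PermissionError:
        ran_early = False
    broker.decide(t, approve=True, reviewer="alice")
    result = executor.run(t)
    return ran_early, result, len(sent)


if __name__ == "__main__":
    print(demo())
```

The broker rejects any parameter set that is not exactly the allowlisted one, so an injected "cc the attacker" field has nowhere to go, and `take_approved` flips the state to executed so a replay of the same ticket is refused.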