https://arxiv.org/abs/2605.14932 Autonomous agents based on large language models (LLMs) are rapidly emerging as a general-purpose technology, with recent systems such as OpenClaw extending their capabilities through broad tool use, third-party skills, and deeper integration into user environments. At the same time, these agentic systems introduce substantial security risks by combining unconstrained capabilities with access to sensitive user data. In this work, we investigate the security of LLM-based agents through the lens of operating systems. We argue that both face strikingly similar challenges in isolating resources, separating privileges, and mediating communication. Guided by this perspective, we survey the current landscape of open-source agents, derive a unified agent architecture, and systematically analyze potential attack vectors. To validate this analysis, we conduct a case study evaluating four widely used OpenClaw-like agents. Even under modest attacker capabilities, we find that several protection mechanisms fail in practice and that secure operation requires detailed system knowledge and careful configuration. However, we also observe that while some agentic capabilities remain insecure by design, many vulnerabilities can be mitigated using well-established techniques from operating system security. We conclude with a set of recommendations for the secure design of agentic systems.

One thing I think gets underrated in AI automation: The approval gate is not a small detail. It is part of the system. If agents are helping with real business work, they need to know when to continue and when to stop. Examples: - Revenue Ops agents can research leads, draft follow-ups, update CRM fields, and flag hot opportunities, but a human should approve risky outbound messages. - Finance agents can check invoices, match records, and prepare reconciliation notes, but a human should review exceptions. - Vendor agents can collect docs, send reminders, and track missing steps, but a human should handle mismatches. - Engineering agents can break down tasks, run checks, and summarize changes, but an engineer should review before shipping. That is what separates a useful automation from a risky one. The best agent systems are not just autonomous. They are clear about memory, schedules, tool access, limits, exception paths, and human review. If the approval gates are weak, the system will not be trusted with real work. Where do you usually place the human approval step in your automations?

I've spent over 400 hours inside Claude, and I'm breaking down exactly what separates someone stuck on level 1 from someone running five parallel sessions while they sleep, with the cheat codes to jump between each stage. Hope you enjoy!

Hey all, would love to know what multi-agent systems you have setup and how they are doing? Loving Paperclip thanks @Nate Herk for the awesome video!

Go check it out! The dates seem a little weird considering were only a week into April. Also, this looks at your statistics locally per account. So if you're constantly switching between devices, you will see two separate stat profiles.