I watched someone demo Clawdbot last week and my eyes almost bugged out of my head.
Check-in for flights automatically. Schedule meetings while you sleep. Send emails as you. Book reservations. Pay bills.
The AI was doing everything a $60k/year assistant would do, except faster and without asking for PTO.
Then I asked: "Where's this running?"
"Oh, it's connected to my WhatsApp."
My brain short-circuited.
When Speed Meets Silly
Here's what's happening right now.
Agentic AI tools can compress hours of work into minutes. Real work. Email management that used to take 90 minutes? Done in 5. Calendar coordination? Handled before your coffee gets cold.
The capability is real. The demos blow your mind.
But nobody's talking about the part where you just handed the keys to your kingdom to something you just saw on X and watched a YouTube video about on 2x speed.
The Tony Stark Problem
I get the attraction. I mean, Tony Stark had Jarvis.
He also had an isolated lab, air-gapped systems, and a genius-level understanding of every single component.
You have Clawdbot, errrr MoltBot, and Chrome with "remember my password" turned on.
Think about this.
Would you give a brand new intern on day one:
- Your SSH keys
- Your password manager
- Your browser with every session logged in
- The ability to send emails as you
No? Then why are you giving it to an AI?
Your Trust Boundary Just Exploded
When you connect Clawdbot to WhatsApp, your security goes from "people I physically hand my laptop to" to "anyone with your phone number."
That's not a feature. That's an attack surface the size of your entire contact list.
The Clawdbot docs recommend Opus 4.5 partly for "better prompt-injection resistance."
That single line tells you everything. The builders know the AI can be tricked and they're being honest about it. But most users don't look past the demo videos.
We're In A Weird Gap
We're at this weird moment where AI is smart enough to control your computer but not smart enough to know when someone's manipulating it.
That gap is where all the risk lives.
Someone sends you a message. Your AI reads it. The message contains hidden instructions. Suddenly your "assistant" is wiring money to strangers or forwarding your entire email history.
You didn't authorize it. You didn't even see it happen.
But it's your accounts. Your sessions. Your problem. Your liability.
3 Things To Keep You Safe
Look, I use agentic AI every day. I'm not telling you to stop. I'm telling you not to YOLO it.
Here's I would do:
Run it somewhere else. Not your laptop. A cheap VPS or VM. When it breaks (and it will), your actual system stays clean.
Keep the critical stuff off-limits. SSH keys. Password managers. Email. Financial accounts. If losing access would wreck your week, the AI doesn't get it. Full stop.
Read what the builders are telling you. When the docs say "better prompt-injection resistance," that's not a feature brag. That's them warning you the thing can be fooled. They're being honest. Listen.
Remember what I wrote a few months ago about AI making me 10x faster but also destroying me? Same principle applies here.
Speed is only valuable if it doesn't run you right off the cliff.
The Real Opportunity
The demos are incredible, but in my opinion the threat model is terrifying.
But here's the thing: the companies building this are being honest about the limitations. They're not hiding the risks.
That means the opportunity is real if you approach it smart.
Use agentic AI for the repetitive stuff. Research. Coordination. Tasks that eat your time without adding value.
But lock down the critical systems until the security catches up to the capability.
Because right now? The tools work. The guardrails don't. And the gap between "this saves me hours" and "this just leaked my company data" is way smaller than you think.
If I see one more person bragging about their Mac mini running AI through Claude's hosted model, I'm gonna lose it. That's not local AI. That's just AI with extra steps and zero security improvement.
Be smart out there.
***
This week on Substack I'm breaking down exactly how to build AI systems that don't leak your data, waste your time, or blow up in your face. Real implementation. No fluff. Just the things that actually work when you stop chasing every shiny tool and start building the foundation.
If you’re ready to jump start your next 30 months, join me on Substack. First 100 founding members get $100/year locked in forever. That's where I'm putting my best implementation stuff. No 45-minute videos.
You just get to see what I do and often what companies pay me thousands of dollars each month to do. I also have a generous free plan if you're not ready to join paid yet.
Talk soon,
Pete Sena
Please take a second and hit the FWD button ▶️, to share this email with your favorite growth-obsessed peer. I want to inspire 1 million awesome minds like you.
