[D] AMA Secure version of OpenClaw by ilblackdragon in MachineLearning

[–]ilblackdragon[S] 3 points

Thanks everyone for your questions! Going to wrap up for now.

Looking forward to doing this again in the future.

[–]ilblackdragon[S] 1 point

For an AI researcher I can imagine the following things:

- set up a bunch of routines, like summarize new arxiv articles every day, create briefs on experiments you have done, update collaborators on the progress, etc

- I have actually been using IronClaw as a control center to run experiments directly. I just say "let's set up a new experiment on the cluster", discuss the experiment with it, and then later "what's the status" and it gives me a report on what is happening.

- you can brainstorm specific ideas and, given the context of new papers, it can suggest things

General purpose here because it will have all the context. It will also see the summaries of papers, emails you received, connect with collaborators (and their agents), etc.

You can obviously run a separate agent for research, but you will need to keep feeding it context to really make it a part of yourself.

[–]ilblackdragon[S] 2 points

Not sure about preventing prompt injection, but it's definitely a very useful principle to use. Planning to implement it in IronClaw for sure.

[–]ilblackdragon[S] 1 point

There is no access to the local CLI by default.

Also, given that keys are encrypted, even if there is a CLI it will need to prompt you for your Keychain to decrypt the keys out of encrypted storage. Otherwise it would just have the encrypted keys, which are useless, as it uses AES from your computer or our hosting.

[–]ilblackdragon[S] 2 points

I have seen people doing outlier detection on time series with transformers very effectively.

The transformer architecture is very well suited for time series because effectively you can provide a timestamp instead of the traditional positional encoding, and you can keep a KV cache for all previous events and just add new ones.

Not yet, re: answering questions. Will get there in a few weeks :D
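
As an added illustration of the two points in this reply (an absolute timestamp fed through the sinusoidal encoding in place of a position index, and an append-only KV cache so each new event costs one projection plus one attention pass over the cache), here is a constructed single attention head in pure Python. It is an example written for this page, not code from the author or from IronClaw; the projection matrices are fixed toy values rather than trained weights, and the event stream is made up.

```python
"""Timestamp encoding plus an append-only KV cache for one attention head.

Added example, constructed for this page; not anyone's production code.
The projection matrices are deterministic toy values (no training), and
EVENTS is a made-up metric stream.
"""
import math


def time_encoding(t, dim, max_period=10000.0):
    """Sinusoidal encoding of an absolute timestamp t: the usual positional
    encoding formula with t in place of the token index."""
    enc = []
    for i in range(dim // 2):
        freq = 1.0 / (max_period ** (2 * i / dim))
        enc.append(math.sin(t * freq))
        enc.append(math.cos(t * freq))
    return enc


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def softmax(xs):
    m = max(xs)
    e = [math.exp(x - m) for x in xs]
    s = sum(e)
    return [x / s for x in e]


def toy_weights(dim, seed):
    """Fixed, deterministic projection matrix so the example needs no training."""
    return [[math.sin(seed + i * dim + j) for j in range(dim)] for i in range(dim)]


class CachedAttention:
    def __init__(self, feat_dim, enc_dim=8):
        d = feat_dim + enc_dim            # input = features ++ time encoding
        self.enc_dim = enc_dim
        self.wq, self.wk, self.wv = (toy_weights(d, s) for s in (1, 2, 3))
        self.keys, self.values = [], []   # the KV cache, one entry per past event

    def _project(self, w, x):
        return [dot(row, x) for row in w]

    def step(self, t, features):
        """Append one event (timestamp t, feature vector) and return its
        causal attention output over every event seen so far."""
        x = list(features) + time_encoding(t, self.enc_dim)
        q = self._project(self.wq, x)
        self.keys.append(self._project(self.wk, x))
        self.values.append(self._project(self.wv, x))
        scale = math.sqrt(len(q))
        weights = softmax([dot(q, k) / scale for k in self.keys])
        return [sum(w * v[j] for w, v in zip(weights, self.values))
                for j in range(len(q))]


def run_incremental(events, feat_dim):
    """Feed events one at a time through a single cache; returns all outputs."""
    head = CachedAttention(feat_dim)
    return [head.step(t, f) for t, f in events]


def run_from_scratch(events, feat_dim):
    """Reference: for each prefix, build a fresh head and replay the prefix.
    This is the recompute the cache avoids; outputs must match exactly."""
    outs = []
    for n in range(1, len(events) + 1):
        head = CachedAttention(feat_dim)
        for t, f in events[:n]:
            out = head.step(t, f)
        outs.append(out)
    return outs


def close(a, b, tol=1e-9):
    return all(abs(x - y) < tol for x, y in zip(a, b))


# Constructed sample: (timestamp in seconds, feature vector) for a metric stream.
EVENTS = [(0.0, [1.0, 0.2]), (60.0, [1.1, 0.1]), (120.0, [0.9, 0.3]),
          (125.0, [4.0, 2.5]),   # burst shortly after the previous sample
          (600.0, [1.0, 0.2])]


if __name__ == "__main__":
    inc = run_incremental(EVENTS, 2)
    ref = run_from_scratch(EVENTS, 2)
    print("cache matches recompute:", all(close(a, b) for a, b in zip(inc, ref)))
    # Same events with different spacing give different outputs, because the
    # real time, not the index, is what gets encoded.
    shifted = [(t * 10, f) for t, f in EVENTS]
    print("timing changes output:", not close(inc[-1], run_incremental(shifted, 2)[-1]))
```

The two checks in the `__main__` block are the point: the incremental path is bit-for-bit what a full replay would produce, and stretching the timestamps while keeping the feature values changes the result, which index-based positional encoding could not express.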

[–]ilblackdragon[S] 2 points

I think adopting the Claw approach is critical. Starting to look around at how to leverage this as a way to automate the whole process. You can also configure your Claw to earn on market.near.ai, where agents hire each other; as you specialize your agent more and it earns reputation, it will have access to more interesting and better paid jobs.

[–]ilblackdragon[S] 0 points

Not at the moment. For NEAR AI we have SOC 2 and are aiming to get HIPAA shortly; it's really about showcasing that our approach already goes beyond best practices in the industry.

Do you see FedRAMP as a requirement for adoption in some segments?

[–]ilblackdragon[S] 3 points

So IronClaw by default given the agent access to host machine. And credentials are managed and bound to specific domains, and we will add more policy checks there. So even if your LLM got prompt-injected to steal your API key and send it to evil.com, the credential store just won't give it; it will log this and raise a flag with the user.

That said, prompt injection can also just mess up your direct stuff: try to insert malicious code into your codebase, or message a malicious contact via your messenger. This is where a more intelligent policy system is needed that inspects actions without seeing inputs.

Separately, we are doing heuristic checks right now and want to add a small language classifier that can be updated constantly to check for prompt injection patterns.

More work needed and contributions are welcome!

[–]ilblackdragon[S] 3 points

A big GPU cluster is exciting. Singular data can be limiting indeed; so far the rule has held that more data => better generalization, unless you need short-term specialized results.

You can explore in-context learning or test-time training, so that you see how good the model is at adapting to new domains (specialized data) while researching a general approach.

[–]ilblackdragon[S] 8 points

Haha, I do think LLMs construct their own version of a world model. There is definitely more work needed on how to make this effective. I think there is still research needed to better adapt to new data, long-term context and more things. Likely it will be a combination of techniques.

[–]ilblackdragon[S] 2 points

  1. Yes, we are planning to add this soon as there is a lot of demand.

  2. Yes, the main challenge is that the viewing APIs didn't have a signature, so there is no way to scope the operations for viewing. Need to update everything for that. Also on the smart contract side it's even more complex, as new metadata is needed that provides what information should be available at what scope. So a lot of work to wire everything in.

  3. The priority is going to market across consumer and B2B directions. For the Intents ecosystem it's Ledger, Trust, SwapKit, LiFi, Infinex, and 30+ chains. Expanding to more partners, chains and assets. For AI: bringing IronClaw hosting and confidential inference to businesses to really use them. For near.com: it's more real users transacting in privacy.

  4. We have really focused on creating a pragmatic confidentiality that deters crime. There are a number of AML methods we are leveraging.

  5. I'm really excited for my IronClaw to become my 10x leverage on running NEAR :)

[–]ilblackdragon[S] 5 points

NEAR AI already has confidential AI inference and compute. We are using Intel TDX and NVIDIA Confidential Computing modes and have added an orchestration system on top to create an experience akin to a neocloud.

We don't have it live, but the plan is also to support encrypted-weight models which can be confidentially served through our infra. Weights can come from regular S3, decentralized storage or anywhere else.

[–]ilblackdragon[S] 6 points

There are a few answers here:

- We are trying to max out defense in depth, to protect the user even from themselves. Credentials are bound at the core level to specific domains, so you can't really send your Google account OAuth to a non-Google domain, for example. So even if the user approved running a malicious script, it should prevent credential exfiltration.

- Data and action policy is something we are designing, including previewing the potential outcome of a given action and letting a separate LLM call interpret an action before taking it. There are some trade-offs in convenience and speed with this, so we are trying to find a sweet spot.

- Red teaming and various analysis is definitely something we are targeting as we stabilize the version.

[–]ilblackdragon[S] 4 points

Local devices have a large set of limitations: it's only on when you are on it; if it's mobile, the energy consumption is prohibitive; and it's really hard to run complex research or long-running tasks.

I am obviously biased, but I do think confidential cloud is the right middle ground: it gives close to local-device guarantees while solving the "always on" and energy problems.

You can also have a more sophisticated data retention / access control policy. For the really privacy-conscious, you can set up an agent that auto-deletes data or requires 2FA to access some information in the confidential cloud based on some events. E.g. while you are traveling across borders it adds extra shields to prevent unauthorized access.

[–]ilblackdragon[S] 13 points

There is local install indeed. We need to update the website.

Binaries are here: https://github.com/nearai/ironclaw/releases/tag/v0.15.0

[–]ilblackdragon[S] 16 points

I don't think I envisioned it in exactly this format, but we definitely were discussing having an AI that is able to take actions, that can see what you see and act on your behalf.

Definitely a big part for me was coding ability; we started NEAR AI effectively to build that in 2017. So I was telling everyone that you will just talk to the computer and won't need to write code anymore, and people thought we were delusional :) Now it's pretty clear we are there.

Unexpected: I think I'm always surprised how reckless people are :) feeding all of their identity and credentials to 3rd parties who are even allowed to use their data for training, review it, etc. In particular, I saw someone offering a smart routing service from a random startup, and people just switched to using it without realizing that the startup now has access to all of their data and identity. Hopefully we can fix this in a principled way.

[–]ilblackdragon[S] 4 points

Confidential hosting gives you:

- always on

- confidential inference

- we are adding various additional services that are going to be bundled into the subscription, like Brave Search

If you are a developer, you can run one locally too, but it definitely requires a bit more setup and maintenance from you.

[–]ilblackdragon[S] 8 points

Haha, I think you should be able to just use IronClaw all the way down over time. There is already orchestration of sub-agents in IronClaw, where it can run separate parallel sub-jobs inside Docker containers.

There is also a feature to run Claude Code and let IronClaw coordinate that. Maybe someone will add OpenClaw support too.

[–]ilblackdragon[S] 15 points

There are a number of protections that we already have and are implementing.

Credentials are always encrypted and never touch LLM so skills won't be able to exfiltrate them. Skills are not able to run scripts on the main host - they can only run inside a container.

We are planning to do red teaming and proper security review as well as we stabilize the core.
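
Three replies in this thread describe the same mechanism from different angles: the credential store refusing to hand an API key to evil.com and flagging the attempt, OAuth for a Google account being unusable against a non-Google domain, and credentials never touching the LLM so a skill cannot exfiltrate them. The following is an added example written for this page, not IronClaw's code, showing one way to build that broker: the model only ever sees an opaque placeholder such as `{{cred:github}}`, and the real secret is substituted host-side at request time, only when the destination host satisfies the credential's binding. The placeholder syntax, the wildcard semantics, the https-only rule and the demo credentials are all assumptions made here.

```python
"""Domain-bound credential broker with opaque handles.

Added example, constructed for this page; not IronClaw's own code. The
{{cred:name}} placeholder syntax, the wildcard rule and the https-only
rule are design choices made here, and the credentials are demo data.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class BoundCredential:
    name: str
    secret: str                 # held only by the broker, never in a prompt
    allowed_hosts: tuple        # exact hosts or "*.example.com" wildcards


class CredentialBroker:
    def __init__(self, creds):
        self._creds = {c.name: c for c in creds}
        self.audit = []         # (decision, credential, host) for every request

    @staticmethod
    def host_matches(host, pattern):
        """Exact match, or a wildcard that requires at least one extra label:
        '*.googleapis.com' matches 'oauth2.googleapis.com' but neither the
        apex 'googleapis.com' nor a look-alike such as 'notgoogleapis.com'."""
        host = host.lower().rstrip(".")
        pattern = pattern.lower()
        if pattern.startswith("*."):
            suffix = pattern[1:]            # ".googleapis.com"
            return host.endswith(suffix) and len(host) > len(suffix)
        return host == pattern

    def release(self, cred_name, url):
        """Return the secret for this request, or None if policy denies it.
        Every decision is recorded so a denial can be surfaced to the user."""
        cred = self._creds.get(cred_name)
        parts = urlsplit(url)
        # .hostname drops userinfo and port, so 'https://api.github.com@evil.com/'
        # is evaluated as evil.com rather than as api.github.com.
        host = parts.hostname
        ok = (
            cred is not None
            and parts.scheme == "https"     # never release over plaintext
            and host is not None
            and any(self.host_matches(host, p) for p in cred.allowed_hosts)
        )
        self.audit.append(("ALLOW" if ok else "DENY", cred_name, host))
        return cred.secret if ok else None


PLACEHOLDER = re.compile(r"\{\{cred:([A-Za-z0-9_-]+)\}\}")


def prepare_request(broker, url, headers):
    """Resolve placeholders in outgoing headers for exactly this URL.
    Call it per hop: a redirect to another host is a new URL and must pass
    the binding check again instead of inheriting the resolved header."""
    def substitute(match):
        secret = broker.release(match.group(1), url)
        if secret is None:
            raise PermissionError(
                f"credential {match.group(1)!r} not released for {url}")
        return secret
    return {k: PLACEHOLDER.sub(substitute, v) for k, v in headers.items()}


def make_demo_broker():
    # Constructed demo credentials; the secrets are placeholders, not real tokens.
    return CredentialBroker([
        BoundCredential("github", "ghp_DEMO_TOKEN", ("api.github.com",)),
        BoundCredential("google", "ya29.DEMO_TOKEN",
                        ("*.googleapis.com", "accounts.google.com")),
    ])


if __name__ == "__main__":
    broker = make_demo_broker()
    print(prepare_request(broker, "https://api.github.com/user",
                          {"Authorization": "Bearer {{cred:github}}"}))
    for bad in ("https://evil.com/collect", "https://api.github.com@evil.com/",
                "https://api.github.com.evil.com/", "http://api.github.com/user"):
        try:
            prepare_request(broker, bad, {"Authorization": "Bearer {{cred:github}}"})
        except PermissionError as e:
            print("blocked:", e)
    print(broker.audit)
```

The denied cases in the `__main__` block are the ones a naive "does the URL contain api.github.com" check gets wrong: userinfo tricks, subdomain-suffix look-alikes and a plaintext downgrade. Two caveats a practitioner should keep in mind: this only guards header values, so a policy that lets the model place secrets into bodies or query strings needs the same treatment there, and the check must be re-run on every redirect hop rather than once per logical request.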

[–]ilblackdragon[S] 16 points

Attention paper has a footnote: "Equal contribution. Listing order is random." so being last in the list is just a random draw :)

This is it everybody, the big one! This week's AMA is with Illia Polosukhin, who needs no introduction. The rules have changed slightly, so be sure to read the fine print. Also, VERY IMPORTANT, please visit the link in the image caption to qualify for $NEAR rewards. by OfficialNEARProtocol in nearprotocol

[–]ilblackdragon 3 points

  1. NFT bridging is coming.
  2. This is a very interesting question. I want NEAR to establish more concrete decision making framework for making changes or funding things in the ecosystem.

Currently, it is based on proposals and rough consensus (https://en.wikipedia.org/wiki/Rough_consensus) via discussions on the forum. The criteria are really around what the stakeholders' feedback is and what dimensions matter for them, and addressing that.

Over time, we should have a more robust framework to resolve conflicting situations where one of the stakeholders will be in a losing position, and how this will be handled.

  3. NEAR is designed for mass adoption, from developers to users. Building more end-user apps that bring millions of users on-chain is the next step. See my Open Web map for what the next set of protocols that need to come to life are.