Practical notes on enterprise AI transformation, agentic workflows, and AI security.
共 20 篇文章
At first, I didn’t dare to put OpenClaw inside the company network. Then I changed my framing: treat it like a new hire. Employee accounts, permission requests, code-level guardrails, manual email filtering—manage AI the same way you manage a junior employee.
Real intelligence isn’t paying for the most expensive model—it’s careful prompt and system design. This post shares five core optimization strategies—session initialization, model routing, local heartbeats, prompt caching, and rate limiting—shown in practice to reduce OpenClaw cost from ~$1,500/month to under $50.
From message in to response out, the pipeline passes through six key components. Understand this chain and you’ll see why OpenClaw feels more like an ‘employee’ than Claude Code.
OpenClaw feels like a real human assistant—very alive. After half a day, I decided to make it part of my workflow. From logging TODOs, sending calendar invites, transcribing meetings, connecting to internal systems, to even editing videos—this is what an agent should be.
When your agent burns 5 million tokens a day, the question isn’t ‘Is it smart?’—it’s ‘Is this context construction efficient?’ This deep dive dissects OpenClaw’s file-first memory architecture, explains the design philosophy behind SOUL.md and AGENTS.md, and why it would rather sacrifice efficiency than adopt RAG.
Twenty years ago, Unix Power Tools said: 'The command line is the best GUI in the world.' I didn’t get it then. Two decades later, LLMs proved how prophetic that line was. This week Claude Code keeps leading, OpenClaw appears out of nowhere—and the two routes are converging toward the sweet spot of Agent 2.0.
When a globally top-tier user officially recognized by Cursor chooses to leave a familiar tool for Claude Code, it’s not just switching tools—it’s a paradigm shift in how ‘AI programming should be done.’ Silen Naihin’s long essay explains the five pillars of Agentic Coding: Context Management, Planning, Closing the Loop, Verifiability, Debugging.
You don’t need to be a security expert—just be willing to spend an afternoon reading the docs carefully. This post distills Moltbot community battle-tested experience into a four-layer defense-in-depth playbook: Isolation, Quarantine, Rollback, and Transparency. It covers AI Agent Security, Prompt Injection Defense, LLM Agent Security, and an end-to-end Agentic Security framework.
When ‘out of the box’ becomes a product feature, you may be opening a backdoor for users. Nearly 1,000 Clawdbot servers were exposed to the public internet due to a default 0.0.0.0 bind, allowing anyone to take over your AI assistant, steal sensitive files, and potentially drain your crypto wallet.
When I was a kid I read a book called Unix Power Tools. There was a line I remembered for almost twenty years: ‘Command line pipeline is the best UI interface in the world.’ Back then I had no idea what it meant. But after Claude Code burst onto the scene in April 2025, I finally understood: a brain that understands the world through text plugged into an interface that exposes the world’s state through text. This isn’t retro—it’s structurally the most reasonable choice.
The biggest risk of AI coding tools isn’t that the model is dumb—it’s that you automated your own judgment. From Cursor RCE to GitHub Copilot flaws, this post explains how prompt injection becomes real-world attacks, and how to use CLAUDE.md to establish security boundaries.
This post shows how to implement Google DeepMind’s CaMeL two-layer agent architecture in PostgreSQL. Using native database Roles and Row-Level Security (RLS), we design an unbypassable AI-memory isolation mechanism to defend against prompt injection and privileged-agent loss of control.
Simon Willison called this ‘the first credible prompt injection defense’ he’s seen. CaMeL’s core design splits one agent into two: a low-privilege agent that reads external data, and a high-privilege agent that makes decisions—so ‘reading data’ and ‘taking actions’ are always separated.
A structured summary of Lenny’s Podcast interviewing HackAPrompt CEO Sander Schulhoff. From an AI-agent architecture perspective, it explains why guardrails can’t stop prompt injection—why stateless defenses fail structurally, and why least privilege and architectural containment are the only viable AI security path.
Three months. 630,000 lines of code. This isn’t about bragging output—it’s about what matters after code becomes ‘cheap’: humans’ last core value is defining the work (kickoff/specs) and accepting it (review/QA).
From Salesforce ForcedLeak to Microsoft 365 Copilot EchoLeak, this post exposes the security blind spots of the AI-agent era. 94.4% of agents are vulnerable, and traditional WAF/APM becomes effectively useless. This isn’t fear-mongering—it’s what the research says.
Anthropic reveals a dual-agent architecture—Initializer Agent + Coding Agent—so long-running tasks don’t rely on brute model power, but on an engineered workflow.
Anthropic published a dual-agent architecture—Initializer Agent + Coding Agent—using an engineered workflow to solve the ‘memory reset’ problem in long-running tasks.
Today I realized how insanely effective Claude Code is for Linux system admin. It not only writes code—it can also ‘excavate’ legacy programs, uncover hidden system secrets, and even find scripts written by former colleagues so you can leave work early and enjoy the boss life...
The previous PM left 50+ project docs and hundreds of files. With Claude Code + the GDrive MCP, I produced a full project summary, timeline, and tech-stack analysis in one day. A handover that used to take weeks can now run in the background while you go to meetings.