I know, I just wrote about OpenClaw (formerly Moltbot, formerly ClawdBot, soon to be OpenAIBot or whatever they decide to call it). But last week’s news gave me something worth celebrating. Stick with me, because for once in cybersecurity, there’s a genuinely optimistic take.
What’s Inside:
- OpenAI buys OpenClaw, and why the reasoning is comedy gold
- The competition that’s actually good for security
- The bigger opportunity: AI might finally disrupt the stagnant security market
- The one thing that still needs fixing
Let’s dive in.
1. OpenAI’s New Definition of Chutzpah
For anyone who isn’t aware, OpenAI bought up OpenClaw. Sam Altman announced it in a tweet, and included this:
“OpenClaw will live in a foundation as an open source project that OpenAI will continue to support. The future is going to be extremely multi-agent and it’s important to us to support open source as part of that.”
It brought to mind the old joke about the definition of chutzpah: When a guy kills his parents and begs the court for mercy because he’s an orphan. We now have a new definition. If Sam doesn’t get the trillion-plus dollars he needs for data centers, maybe he can pivot to doing standup in the Borscht Belt.
I give this project’s foundation the same lifespan as a Kardashian marriage. The fastest-growing open source project in history went through the full life cycle from inception to irrelevance in about a month.
But here’s what’s more interesting than the drama: this is actually good news for security.
2. The Competition Taking Shape—And Why It Matters
A couple of weeks ago, Nick Saraev did a sharp takedown of OpenClaw. His point was simple: it doesn’t do anything you couldn’t already do with Claude Code. I agree. Most of what OpenClaw offered was a decent UI wrapped around agent capabilities, minus the security controls you get with Claude Code and its equivalents.
A UI for Claude Code… that sounds familiar. I’ve heard Claude Cowork described as “Claude Code for civilians”: same underlying capability, same security-first DNA, backed by a company that treats AI safety as a core product requirement rather than a liability disclaimer. If Anthropic passed on acquiring OpenClaw and just builds something better instead, that’s not a strategic blunder as many have suggested. That might have been the plan all along.
Here’s my prediction, and I doubt I’m the first to say it: In a few months, Claude Cowork or its successor is going to do everything OpenClaw does—probably better, and definitely more safely. A lot of people think Anthropic made a mistake by letting OpenAI swoop in and buy OpenClaw out from under them. I disagree. If they’re already building a better product, why stop the competition from buying a future also-ran?
The competition is already playing out at a breakneck pace. On Monday, I started drafting this post, focusing on the OpenClaw acquisition. By Wednesday, Anthropic had dropped an effective price cut on their advanced models by making Claude Sonnet nearly as powerful as Claude Opus, at a third of the price. Then they locked out the OAuth workaround people had been using to run OpenClaw on their Claude subscriptions. Then OpenAI responded by opening OAuth access to their own subscriptions for OpenClaw. Still following? As messy as it is, this is what real competition looks like: better products, lower prices, mounting pressure to innovate. That’s good for everyone, including security.
3. The Bigger Opportunity: Security Products Are Next
Here’s the thing that doesn’t get talked about enough: this competition isn’t happening in security yet. But it should be.
Security products are expensive, often ineffective, and stagnant. Many are sold to satisfy auditors and compliance teams, not the security professionals who actually have to use them. The best products don’t always win, the loudest ones do. I’ve talked about this dynamic before.
But something’s changing. The same AI-driven disruption shaking up coding and productivity tools is starting to reach security. Think about what’s actually becoming possible: security tooling built and tuned for your specific environment, without an army of professional services consultants camped out in your office for months. Custom detection logic you can actually adapt without writing perfect scripts. AI that augments security professionals rather than generating more alert noise for them to drown in. Yes, I’m talking about vibe coding cybersecurity systems. It may sound scary, until you remember we used to do all this stuff with shell scripts.
I’ve been waiting for real disruption in this space for a long time. The companies that figure out how to bring genuine AI capability to the defender side, built with security in mind from day one, are going to be very well positioned. The stagnant incumbents who’ve coasted on compliance checkboxes and vendor lock-in are not.
I’m genuinely optimistic. I’ve seen plenty of AI hype in security that amounted to nothing. But this time the underlying technology is real, the competitive pressure is real, and the incentive to get it right is real. I might still have my heart broken—it’s happened before, and I’ll survive. But I’m liking the odds more than I have in a while.
4. The One Thing That Still Needs Work
I wouldn’t be doing my job if I ended on pure optimism without the caveat.
Prompt injection is still the biggest unsolved problem in agentic AI. I covered it in depth in the last newsletter, but the short version: you can mitigate it, reduce the blast radius, and make it harder to exploit. You cannot prevent it with today’s LLM architectures. The big AI players know it and they don’t have a complete solution (yet).
Progress has to happen here. Agents can’t become truly useful and ubiquitous without making real headway on this problem. The incentive is too great and the problem is too visible. But right now, any agent you deploy carries this exposure, and your defenses need to be designed around that reality, not on the assumption that the agent itself will catch everything.
Key Takeaways
- OpenAI acquiring OpenClaw matters less than what it signals: real competition between AI platforms is accelerating, and defenders benefit from that.
- Anthropic passing on OpenClaw may have been intentional — if they’re already building something better, why pay to acquire a future also-ran?
- AI-driven disruption is finally reaching the security product market, threatening incumbents who coast on compliance checkboxes and vendor lock-in.
- Prompt injection remains the biggest unsolved problem in agentic AI — design defenses around that reality, not the assumption that agents catch everything.