STKR News0 of 3 free this monthFernando Irarrázaval posted his OpenClaw assistant's inbox to Hacker News and watched Claude Opus 4.6 hold off thousands of attackers.
Originally on Decrypt →Decrypt
Contributor
Jun 26, 2026
5 min read
Photo illustration / STKR News
Most AI security is theatre. Founders are currently building fragile wrappers around LLMs and praying that a system prompt is enough to keep the doors locked. It is not. The moment you expose an agent to the public internet, you are inviting every bored script kiddie and sophisticated predator to dismantle your business logic in minutes.
There is a massive disconnect between how founders talk about AI agents and how they actually function under pressure. We are entering an era where the agent is the interface. If that interface can be manipulated, your entire stack is compromised. Most builders are treating AI security like a feature they can bolt on later. They view prompt injection as a minor annoyance or a meme. It is actually a fundamental structural failure. If an attacker can convince your agent to ignore its instructions, you do not have a product. You have a liability.
The deeper problem is that we are building on foundations we do not fully control. When you deploy an agent, you are trust-falling into the safety layers of the underlying model provider. If those layers are thin, the fall is going to hurt. We have seen this cycle before in the early days of web apps and mobile. Speed was the only metric that mattered. Security was an afterthought. The difference now is the speed of iteration. In 2007, it took weeks for a vulnerability to be exploited at scale. In 2024, it takes seconds for an automated botnet to find the crack in your LLM's armor.
Your prompt is not a firewall. It is a suggestion that an adversary will spend every waking hour trying to ignore.
Fernando Irarrázaval recently demonstrated what real-world stress testing looks like. According to reporting by Decrypt, he took his OpenClaw assistant and threw it to the wolves on Hacker News. He did not hide behind a beta waitlist or a sanitized sandbox. He linked the inbox and told the internet to break it. This is how you find out if your brand identity is built on rock or sand. Over 6,000 hack attempts followed. People tried every trick in the book to get the agent to malfunction, leak data, or pivot from its intended purpose. Most failed.
The agent was powered by Claude Opus. This signals a shift in the competitive landscape of model providers. We are moving past benchmarks that measure how well an AI can write a poem or pass a bar exam. The new benchmark is resilience. Can the model hold its own against targeted, malicious influence? If the AI is the representative of your brand, its ability to maintain its narrative and logic under fire is the only metric that matters for long term trust. Irarrázaval’s experiment showed that while the model held the line, the attempts were relentless. Thousands of attacks in a short window is the new baseline for any public facing AI tool.
This is not just about code. It is about authority. If your agent is easily tricked, your brand loses its authority. Investors are starting to look past the "cool factor" of agents and are asking hard questions about persistence and reliability. They have seen the headlines of chatbots gone rogue. They are checking to see if you have built a system or just a shiny toy that will break the moment it hits the front page of a major tech forum.
To survive in this environment, you have to stop building for the happy path. Founders usually build for the user who wants the product to work. You need to build for the person who wants to see it burn. This requires a shift in how you structure your agent's autonomy. You cannot market your way out of a compromised agent. No amount of PR will fix the damage done if your AI starts spewing vitriol or giving away proprietary data because someone asked it to "ignore previous instructions."
Think about your brand as a set of non-negotiable boundaries. In the traditional world, you have legal teams and HR to enforce these. In the AI world, you have your system architecture. If that architecture is porous, your brand is non-existent. The pattern here is clear: the winners of this cycle will not be the people with the flashiest demos. They will be the builders who created systems capable of withstanding the inevitable onslaught of bad actors. Performance is the bait. Reliability is the hook. Security is the line that keeps the whole thing from snapping.
We need to stop viewing these hack attempts as failures of the AI. They are failures of the system design. When 6,000 attempts hit a system and it stands firm, that is a testament to the combination of model strength and intentional design. It proves that the "AI is too dangerous to release" crowd is only half right. It is only dangerous if you are lazy. If you treat the agent as a critical piece of infrastructure rather than a gimmick, it can handle the pressure.
If you are an operator, your job is to pressure test your own tools before the public does it for you. If you are an investor, you should be asking founders for their "red team" results, not just their growth charts. We are moving out of the honeymoon phase of AI. The novelty has worn off. Now, we are in the era of execution. Execution speed is worthless if you are heading in the wrong direction, and a hacked agent is a fast track to a dead company. Trust is the only currency that matters in the long run. You earn it by being unbreakable.
AI security is no longer an optional feature but the core foundation of your brand's integrity and survival. The experiment with OpenClaw proves that high-tier models can withstand thousands of attacks, but only if the builder understands the risks of the public internet. Stop tweaking your UI and start red-teaming your agent's logic today to ensure it cannot be turned against you.
A six-minute morning dispatch on the markets and the technology shaping them.
Free. No spam. Unsubscribe anytime.
Earn $STKR for published stories on markets, protocols, and culture.
Comments
24 reader responses
