State of the Claw — Peter Steinberger

Peter Steinberger reports OpenClaw hit 1,142 security advisories in 5 months, most AI-generated slop, while navigating OpenAI employment and foundation independence.

• OpenClaw received 1,142 security advisories in 5 months (16.6/day); 99 critical, but Steinberger says the louder the alarm, the more likely it is AI-generated slop.
• Nvidia’s NemoClaw secure sandbox was broken 5 different ways within 30 minutes using Codex security tooling after a Sunday invite.
• A CVSS 10 vulnerability (worst possible score) involved an unshipped iPhone sync feature affecting a permission model almost nobody uses.
• OpenAI employs Steinberger but does not own OpenClaw; he is deliberately limiting OpenAI’s contributor share and building an independent foundation modeled on Ghostty’s structure.
• Steinberger runs 5-6 parallel Claude Code sessions simultaneously; previously ran ~10 when Codex 50/51 was slower.
• ‘Dreaming’ — reconciling session logs into long-term agent memory during idle time, analogous to human sleep — is a shipping priority he was pulled away from by maintenance load.
• Key skills for the AI age per Steinberger: taste (recognizing AI smell), system design, and saying no — because every idea is one prompt away but the combination breaks products.
• OpenClaw’s architecture is now fully plugin-based, letting users swap memory, add wikis, or add dreaming without forking the core.

2026-04-17 · Watch on YouTube