Gavriel Cohen on Why AI Agents Are Never Deploy-and-Forget
NanoClaw's founder argues that autonomous work agents are living infrastructure, not software you ship once: because the model underneath keeps changing and the agent can be hijacked, you build it small and auditable, isolate its credentials, roll it out one person at a time, and maintain it forever.
Deploy-and-Forget Is a Trap
The instinct to ship an agent and walk away fails because the model it runs on is a moving target, not a fixed dependency.
Agents are different than normal software in that normal enterprise software, you can deploy it, put it on some server, and let it run for like 5 years, and as long as you never touch it, it just works.
"I Can't Read This Codebase"
NanoClaw exists because the leading open-source agent framework was too large and opaque to trust, so Cohen rebuilt it small enough for outsiders to audit.
I want to make it readable and let other people look at it and validate it.
Assume the Agent Gets Hijacked
The isolation model keeps every credential out of the agent's own environment, so a successful prompt injection has nothing to steal.
So, making sure there are no credentials in the agent's environment, so even if it gets prompt injected, it can't leak credentials, it can't leak API keys.
Buy the Boring Parts
Cohen shrank the attack surface by composing off-the-shelf components instead of hand-building session management, compaction, and messaging.
Pi is really minimal. Instead, we use Agent SDK, which comes with a lot of that stuff out of the box.
Stop Waiting for Finished Work
The reliable win today is a second brain that ingests your information and answers across it, not an agent you hand a task and abandon.
And initially, one of the biggest mistakes that people make is that they just want to throw something in an agent and then walk away and expect to get a finished result at the end.
Nobody Wants to Be the IT Guy
Executives build powerful personal agent setups, then hit a wall trying to give the same thing to their teams without becoming full-time agent support.
I want to roll this out to everybody in my team. But I don't want to become the IT guy who's now like fixing their agents and debugging the memory issues.
Prompt Requests, Not Pull Requests
Coding agents made opening a pull request nearly free, so the real bottleneck in open source has shifted from writing code to triaging it.
it's an arms race where coding agents have just made it exponentially easier for people to open pull requests.