AI Agents Have Weak Security

Despite all the excitement around AI agents, one uncomfortable truth remains: AI agents are still weak when it comes to security.

That reality shapes how I use mine.

Rather than giving my AI broad access to sensitive systems, I deliberately limit what it can touch.

What I Don’t Connect My AI To

I do not link my AI agent (Clawdbot/Gemini or any other AI) to:

  • My email accounts
  • Slack, Discord, or Microsoft Teams
  • Customer support systems
  • Any system that could expose work, personal, or confidential communications

These integrations are convenient—but they also expand the attack surface dramatically. For now, the risk outweighs the benefit.

What I Do Connect Instead

I focus on tools where access can be tightly controlled and damage is limited:

  • WhatsApp
    Only I can chat with my AI agent. No public channels, no third-party exposure.

  • Apple Calendar
    The AI acts like a personal secretary, working solely within my private calendar.

  • Kanban Board
    My AI and I manage tasks together—planning, prioritizing, and tracking progress.

  • PKM (Personal Knowledge Manager)
    This is where documents, notes, and structured thinking live. The AI helps organize and retrieve knowledge, not broadcast it.

I gradually adopt more integrations, but only after thinking carefully about blast radius and failure modes.

A Safer Email Approach

There is a middle-ground approach that I actually like:

Give your AI its own email address, separate from your personal or work inboxes.

This allows you to:

  • Email the AI directly
  • Ask it to draft replies
  • Receive suggestions back

All without granting access to your real inbox or sensitive correspondence. The AI becomes a collaborator, not an administrator.
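The allow/deny split described above (blocked collaboration tools, an owner-only WhatsApp channel, a private calendar, a dedicated agent mailbox) can be enforced as a default-deny gate in front of the agent's tool calls. This is an added example, not Clawdbot's or the author's code; the connector names, the owner phone number and the mailbox address are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import Callable

# Connectors the post refuses to link the agent to: never reachable, even by name.
BLOCKED = {"email_personal", "email_work", "slack", "discord", "teams", "support_desk"}

# Constructed sample identities (placeholders, not real values).
OWNER_WHATSAPP = "+15550100"
PRIVATE_CALENDAR = "private"
AGENT_MAILBOX = "neo-agent@example.com"   # the agent's own address, not the owner's inbox


@dataclass
class ToolRequest:
    connector: str
    action: str
    params: dict = field(default_factory=dict)


# Per-connector constraints: each allowed connector is still scoped, not wide open.
def whatsapp_rule(req: ToolRequest) -> bool:
    return req.params.get("sender") == OWNER_WHATSAPP        # only the owner may chat

def calendar_rule(req: ToolRequest) -> bool:
    return req.params.get("calendar") == PRIVATE_CALENDAR    # private calendar only

def mailbox_rule(req: ToolRequest) -> bool:
    return req.params.get("mailbox") == AGENT_MAILBOX        # agent's own inbox only

ALLOWED: dict[str, Callable[[ToolRequest], bool]] = {
    "whatsapp": whatsapp_rule,
    "apple_calendar": calendar_rule,
    "kanban": lambda r: True,
    "pkm": lambda r: r.action in {"search", "read", "write_note"},  # organise, not broadcast
    "agent_mailbox": mailbox_rule,
}

# Audit trail of every decision, so denied attempts are visible later.
AUDIT: list[tuple[str, str, str]] = []


def authorize(req: ToolRequest) -> bool:
    """Default-deny: blocked or unknown connectors never reach a tool."""
    if req.connector in BLOCKED or req.connector not in ALLOWED:
        verdict = "deny"
    else:
        verdict = "allow" if ALLOWED[req.connector](req) else "deny"
    AUDIT.append((verdict, req.connector, req.action))
    return verdict == "allow"
```

Every connector the agent does not explicitly have a rule for is denied, and the audit list is what you would review to see what the agent tried to touch.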

Meet Neo, My AI Butler

I named my AI agent (Clawdbot) Neo, after the hero from The Matrix.

Neo is my AI butler—helpful, capable, and efficient—but not omnipotent.

And that’s intentional.

Until AI agents mature significantly in security, permissioning, and auditability, restraint is a feature, not a limitation.

Smart AI usage today isn’t about giving agents more power.
It’s about giving them just enough.