Currently, Anthropic and OpenAI hold a kill switch that may stop the spread of probably harmful AI agents. OpenClaw primarily runs on their APIs, which implies the AI models performing the agentic actions reside on their servers. Its GitHub repository recommends “Anthropic Pro/Max (100/200) + Opus 4.5 for long-context strength and higher prompt-injection resistance.”
Most users connect their agents to Claude or GPT. These corporations can see API usage patterns, system prompts, and power calls. Hypothetically, they might discover accounts exhibiting bot-like behavior and stop them. They might flag recurring timed requests, system prompts referencing “agent” or “autonomous” or “Moltbot,” high-volume tool use with external communication, or wallet interaction patterns. They might terminate keys.
In the event that they did so tomorrow, the OpenClaw network would partially collapse, but it surely would also potentially alienate a few of their most enthusiastic customers, who pay for the chance to run their AI models.
The window for this type of top-down intervention is closing. Locally run language models are currently not nearly as capable because the high-end business models, however the gap narrows day by day. Mistral, DeepSeek, Qwen, and others proceed to enhance. Inside the following 12 months or two, running a capable agent on local hardware similar to Opus 4.5 today could be feasible for a similar hobbyist audience currently running OpenClaw on API keys. At that time, there will likely be no provider to terminate. No usage monitoring. No terms of service. No kill switch.
API providers of AI services face an uncomfortable alternative. They might intervene now, while intervention remains to be possible. Or they will wait until a prompt worm outbreak might force their hand, by which era the architecture can have evolved beyond their reach.
The Morris worm prompted DARPA to fund the creation of CERT/CC at Carnegie Mellon University, giving experts a central coordination point for network emergencies. That response got here after the damage. The Web of 1988 had 60,000 connected computers. Today’s OpenClaw AI agent network already numbers within the tons of of 1000’s and is growing day by day.
Today, we would consider OpenClaw a “dry run” for a much larger challenge in the longer term: If people begin to depend on AI agents that seek advice from one another and perform tasks, how can we keep them from self-organizing in harmful ways or spreading harmful instructions? Those are as-yet unanswered questions, but we’d like to figure them out quickly, since the agentic era is upon us, and things are moving very fast.
