A defining technological shift is underway as AI agents like OpenClaw have exploded in popularity, taking the reins of digital lives, but also causing chaos with mass-deleting emails, writing hit pieces, and launching phishing attacks.
This chaos has led longtime security engineer and researcher Niels Provos to launch an open source, secure AI assistant called IronCurtain, designed to add a critical layer of control by running in an isolated virtual machine and mediating actions through a policy written by the owner.
IronCurtain's ability to convert plain English policies into enforceable security policies using a large language model (LLM) is vital, as LLMs are famously stochastic and probabilistic, creating challenges for AI guardrails.
Inside the Platform
Provos notes that an IronCurtain policy could be as simple as specifying what the agent can and cannot do, such as reading all email or sending email to contacts without asking, and never deleting anything permanently.
IronCurtain takes these instructions, turns them into an enforceable policy, and mediates between the assistant agent and the model context protocol server, adding an important component of access control that web platforms like email providers don't currently offer.
The Security Tradeoff
Dino Dai Zovi, a well-known cybersecurity researcher, says that the conceptual approach IronCurtain takes aligns with his intuition about how agentic AI needs to be constrained, arguing that black-and-white constraints are necessary for giving agentic AI more autonomy.
Dai Zovi argues that these constraints, which may seem rigid, are necessary for providing a supporting structure for agentic AI, allowing it to have more velocity and autonomy without going rogue.
Power and Control
IronCurtain is a research prototype, not a consumer product, and Provos hopes that people will contribute to the project to explore and help it evolve, potentially providing a solution to the chaos caused by uncontrolled AI agents.
