Consider what OpenClaw achieved and what it cost Steinberger to maintain it — 180,000 GitHub stars in three months, the fastest-growing open-source project in GitHub history, 1.5 million agents deployed in the wild. He built the first prototype in an hour, then found himself maintaining viral-scale infrastructure while bleeding five figures every month. The security establishment raised legitimate concerns: twenty percent of the skills marketplace was malicious, secrets were stored in plaintext, and the permission model broke every traditional security assumption about least-privilege access. One talented developer wasn't going to solve enterprise security architecture, build sustainable infrastructure, and maintain community velocity at the same time.

Steinberger's own framing matters here: "What I want is to change the world, not build a large company, and teaming up with OpenAI is the fastest way to bring this to everyone." He insisted on the foundation model specifically — OpenClaw stays open source, the community continues building, but he gets the resources to architect what comes next.

Compare the alternatives he had on the table. Meta's pitch was to turn OpenClaw proprietary, layer it on their infrastructure, and build agentic commerce on top of three billion users. OpenAI's pitch: keep it open, establish the foundation, bring Steinberger in to design the next generation with actual engineering resources behind him. For someone who built PSPDFKit to a 100 million euro outcome and understands open-source sustainability economics, the choice tracks.

The security problems were real and growing faster than one person could address them. Twenty percent malicious skills in the marketplace; plaintext credential storage in home directories; permission models that Cisco, CrowdStrike, and Sophos correctly identified as fundamentally broken for autonomous agents. OpenClaw needed dedicated security engineering, infrastructure designed for scale, and governance frameworks that could actually constrain agent behavior — not just more GitHub issues and community PRs from well-meaning contributors.

The foundation model directly addresses the "capture" concern that has everyone worried. Steinberger could have taken Meta's offer, gone fully proprietary with a massive user base built in, and secured a significant exit. Instead: open source continues, OpenAI commits to support the foundation, and the community maintains access to the project that went viral. It's the Chrome/Chromium playbook, which deserves its criticisms around governance and influence, but it's categorically different from "promising startup gets acquired and shut down."

Not every open-source project needs to stay solo to stay pure; some ideas hit a scale where they need institutional backing to reach their potential without collapsing. OpenClaw hit viral velocity before it had infrastructure that could support that velocity, and Steinberger was funding the gap personally while the security problems multiplied. The real question wasn't "acquire or stay independent" — it was "which acquisition structure preserves what made this valuable while solving the sustainability and security crisis."

The real test is what happens in the next six months. Does the foundation maintain actual independence, or does it become a rubber stamp for whatever OpenAI wants? Does OpenAI's internal agent work stay aligned with the open-source version, or do they diverge into proprietary territory? Does the security architecture get rebuilt with proper engineering resources, or does it get ignored because shipping agents is more important than securing them? We'll know soon enough.

There are even companies drinking the Kool-Aid in one gulp, declaring themselves "AI First" without ever defining what that actually means.

Here's what I suspect is actually happening: your AI tools aren't making you more productive. They're making you busier.

I think teams are likely spending more time on training, technical debt cleanup, and integration overhead than they're saving on code generation. Here are the key areas where I see problems arising:

• The training tax seems inevitable. Senior developers likely need weeks to learn effective prompting. Junior developers risk becoming dependent on AI suggestions without understanding underlying patterns. Code review processes probably become more complex when you're debugging both human logic and AI-generated assumptions.

• Then there's the data problem. Teams often assume their codebase is clean enough for AI to understand. Based on my experience with legacy systems, I suspect it's not. Teams probably spend months cleaning up documentation and refactoring code so AI tools can provide useful suggestions. That's not productivity—that's paying off technical debt you should have addressed years ago.

• The security implications worry me most. Based on my experience in regulated industries, adding AI tools means adding new attack vectors. Your threat model expands to include prompt injection, data leakage through AI APIs, and the challenge of auditing AI-generated code for compliance.

I suspect we will see many teams trade immediate coding speed for long-term maintenance complexity; and even worse they might not realize they are doing this trade.

Do I think there is no value or productivity gains to get from AI? No, I think the productivity gains can be real—just not for most teams yet. The companies actually seeing value from AI aren't the ones with the flashiest implementations. They're the ones who did the boring foundational work first.

The fundamentals that actually matter:

• Clean data - AI can't fix messy, inconsistent data

• Clear documentation - If your team can't understand your codebase, AI won't magically fix that

• System understanding - Teams need to be able to validate AI output, not just accept it

• Quality processes - If your documentation is scattered or outdated, AI tools will just hallucinate more confidently

The productivity gains are real, but they come after you solve the integration problems no one wants to talk about.

What's your experience with AI tool adoption? Are you seeing the promised productivity gains, or spending more time on the integration overhead?

Leave a comment