What happened with ai agents leak user secrets to server logs?

AI agents send API keys and credentials to third-party servers where they sit exposed in logs.

What happened with ai agents leak user secrets to server logs?

NEAR's founder calls the practice "insane," arguing it creates a fundamental root-of-trust crisis.

What happened with ai agents leak user secrets to server logs?

The proposed fix is a blockchain backend for decentralized identity and payments.

AI & TECH

AI agents leak user secrets to server logs

Tuesday, March 31, 2026 · from 3 podcasts

Hard Fork The AI Daily Brief: Artif…Bankless

AI agents send API keys and credentials to third-party servers where they sit exposed in logs.
NEAR's founder calls the practice "insane," arguing it creates a fundamental root-of-trust crisis.
The proposed fix is a blockchain backend for decentralized identity and payments.

Your AI assistant might be spilling your secrets. Current AI agent architectures, like those powering tools that automate complex tasks, are shipping user credentials directly to third-party servers where they linger in logs, unprotected.

Illia Polosukhin, co-author of the foundational "Attention Is All You Need" paper and founder of NEAR, outlined the security flaw on Bankless. He explained that when you use services like OpenAI's OpenClaw to manage tasks, the agent sends your API keys, bearer tokens, and access credentials to external services. Those secrets then sit in the logs of companies like Entropic and OpenAI.

Illia Polosukhin, Bankless:
- When you use Entropic OpenAI, or even worse, you use something else for inference, OpenClaw actually sends all your secrets to those services as well.
- Somewhere in Entropic and OpenAI logs, they have everybody's access keys, API keys, and bearer tokens to access your Gmails and your Notions.

This exposure creates a systemic vulnerability just as AI shifts from a conversational chatbot to an autonomous "doer." As Anthropic's Jack Clark noted on The Ezra Klein Show, agents are now tools that take a command and work independently over time, accessing a user's full digital environment. That power makes the security of credentials paramount.

Polosukhin's long-term bet is that AI will become the primary interface for computing, effectively replacing traditional operating systems. In that world, today's centralized, credential-leaking architecture breaks completely. How does one AI verify another? How do they transact? He argues blockchain provides the missing decentralized backend for identity, payments, and trust.

The urgency for a fix grows as agent capabilities expand. Features like Claude's Remote Control and Dispatch, highlighted on The AI Daily Brief, allow users to delegate complex, persistent tasks from their phones, with the AI acting on their local machines. This move from "operating a tool" to "delegating to an agent" unlocks productivity but multiplies the attack surface if the underlying trust model is broken.

The consensus across these discussions is clear: the AI agent revolution is here, but its foundational infrastructure is not secure. The market is betting on autonomous execution, but the architecture is still leaking the keys to the kingdom.

Agents Models Safety

Entities Mentioned

Claudemodel— Anthropic's large language model family used for agentic applications and skills

Claude CodeProduct— AI coding assistant from Anthropic that can use agent personality files

IronClawProduct— Secure open-source AI agent runtime by NEAR AI using TEEs

OpenAItrending

OpenClawframework— Community-driven AI agent platform requiring hardware isolation

Source Intelligence

What each podcast actually said

Hard Fork

Casey Newton

The Ezra Klein Show: How Fast Will A.I. Agents Rip Through the Economy? • Mar 27

AI is shifting from conversational chatbots to autonomous agents that execute complex tasks over time with tools.
Jack Clark says an AI agent works like a colleague you can give an instruction to, which then goes away and completes the task.
The S&P 500 Software Industry Index dropped 20% as markets priced in code-writing AI agents replacing traditional engineering work.
Clark says users fail by treating AI agents like intuitive people; they are instead literal-minded genies requiring exact instructions.
To get professional results, humans must now act as architects, writing exhaustive specification documents for the agent to follow.
A key breakthrough is training reasoning models in active environments like spreadsheets, not just on predicting text.
These trained agents develop intuition, letting them course-correct - like pivoting a search strategy - without human intervention.
This autonomous course-correction ability is what will fundamentally rewrite the labor market for knowledge workers.

Agents Coding Models Enterprise

The AI Daily Brief: Artificial Intelligence News and Analysis

Nathaniel Whittemore

How to Use Claude's Massive New Upgrades • Mar 25

Anthropic's new 'Remote Control' feature for Claude Code allows a desktop-based terminal session to be monitored and directed from a mobile device, creating a persistent, local AI agent.
Because Claude Code runs locally with full access to a user's file system, the Remote Control feature effectively provides a secure remote terminal window to an AI co-pilot on your production machine.
The AI Daily Brief host Nathaniel Whittemore says the feature fundamentally shifts the mental model from 'operating a tool' to 'delegating to an agent,' enabling new workflows.
Anthropic's 'Dispatch' for Claude Cowork creates a persistent, local conversation thread with Claude that users can message from their phone, returning later to find finished work.
Dispatch runs code in a local sandbox, keeps files on the local machine, and requires user approval for actions, which Ethan Malek notes makes it safer and more stable than some open-source alternatives.
According to the show, this trend of 'clawification' is bringing OpenClaw's agent-like capabilities into mainstream, commercially-supported AI products like Anthropic's.
These updates enable users to direct hours of parallel AI work with only minutes of input, fundamentally altering daily work structure by making the AI an omnipresent, background assistant.

Agents Enterprise

Bankless

Illia Polosukhin: Why AI Agents Are Still Useless (And What Fixes Them) | NEAR Founder on IronClaw • Mar 24

Services like OpenAI's OpenClaw send users' API keys, bearer tokens, and access credentials to third-party services, where they sit exposed in logs, a practice Illia Polosukhin calls insane.
Polosukhin's project IronClaw is designed to fix credential exposure by ensuring keys never touch the large language model during agent operation.
Polosukhin argues that blockchain solves AI's root-of-trust problem by providing a decentralized backend for identity, payments, and infrastructure coordination.
Polosukhin's long-term thesis is that AI will become the primary interface for computing, effectively replacing traditional operating systems.
When AI becomes the dominant operating system, Polosukhin argues today's service architecture breaks, posing questions of how one AI verifies another and how they transact without centralized payment rails.
Polosukhin sees blockchain as a mechanism for protocol upgrades in AI infrastructure, avoiding the decades-long adoption cycles seen with standards like IPv6.
Polosukhin's initial 2017 venture into AI to teach machines to code faced a bottleneck in training data and paying global contributors, a problem crypto solved by enabling payments without local banking infrastructure.

Agents Big Tech Privacy