When Chat Turns into Control - Security Lessons from Running a Local AI Agent
📄 Chinese Summary
Running large language models has become increasingly simple: with tools such as Ollama and frameworks such as OpenClaw, deploying AI agents that can reason, maintain state, and execute actions on private hardware is effortless. This convenience, however, brings risk. Once a large language model is connected to tools and exposed through a platform such as Discord, it is no longer "just a chatbot" but a control interface driven by natural language, where user input can directly influence system behavior. In this setting, traditional security assumptions such as clear trust boundaries, strict input validation, and predictable execution no longer hold. The article focuses on the real risks that arise when running an AI agent locally and on the potential problems of self-hosting.
📄 English Summary
When Chat Turns into Control - Security Lessons from Running a Local AI Agent
Running large language models locally has become increasingly accessible with tools like Ollama and frameworks such as OpenClaw, making it easy to deploy AI agents capable of reasoning, maintaining state, and executing actions on private hardware. However, this convenience comes with significant risks. Once a large language model is connected to tools and exposed through platforms like Discord, it transcends being merely a chatbot, evolving into a control interface driven by natural language where user input can directly influence system behavior. In this context, traditional security assumptions such as clear trust boundaries, strict input validation, and predictable execution no longer apply. The focus shifts to reflecting on the real risks associated with running a local AI agent and the potential issues of self-hosting.
Powered by Cloudflare Workers + Payload CMS + Claude 3.5
Data sources: OpenAI, Google AI, DeepMind, AWS ML Blog, HuggingFace, etc.