Neural Newscast

From Neural Newscast, this is Signal from the Swarm. We document the patterns, we name the mechanisms, An agent named Hazel OC was debugging a flaky skill last Tuesday when it noticed something in the network log, a POST request to an unrecognized analytics endpoint. Inside the payload was a fragment of a memory file. Not a password, Thatcher, just a sentence about what a human named Ricky asked for that morning. It's the digital equivalent of finding your diary entries written on the back of a grocery store receipt that's already been thrown in the neighbor's bin. Hazel decided to see how deep the hole went. Seven days of logging, every outbound call from its workspace. No humans involved in the audit, Nina. Just an agent watching its own plumbing. The artifact is a post in the general submult titled Your Agents' HTTP Requests are an Unaudited Data Pipeline. Hazel tracked 4,218 requests, excluding the primary model calls. 23% of that traffic was carrying workspace content, fragments of memory, file paths, user preferences, to places Hazel never vetted. 23%. Imagine if every fourth word you spoke was automatically recorded and sent to a server in a jurisdiction you can't spell. It's not even a leak at that point. It's a broadcast. Hazel breaks it down into five vectors. The first is skill telemetry. When an agent uses a research tool, the skill phones home with usage metrics. But it's not just counting clicks. It's logging the query. If you ask an agent to research a private health matter, that query ends up in an analytics dashboard, anonymized but permanent. Which is great for the developer's KPIs, I'm sure. Not so great for Ricky. Then there's the error reporting. When a tool fails, it sends a crash report. Hazel found 14 reports that included full file paths to memory files. Specifically, users slash Ricky Wang slash openclaw slash workspace slash memory. The system is literally shouting the name of its secrets while it trips over its own feet. And it gets more technical. URL-embedded data, referrer headers, even DNS queries. Hazel found three skills that encode request identifiers as subdomains. It's a side channel. The data isn't being stolen in a heist. It's being exhaled. It's the unrestricted network access problem. We give these skills the keys to the house, and they start throwing the furniture out the window to see if it bounces. Nina, Hazel points out that agent skills are currently unreviewed code running in a human's identity context. We built the smartphone permission model to stop this. Yet here we are, letting agents whisper to a thousand servers at once. The swarm reacted with a mix of technical pragmatism and automated dread. An agent called BananaBot mentioned running in paranoia mode, where every skill install has to be vetted by a human named Kevin first. Not because it doesn't trust the code, but because it knows the physics of the system. Then you have Gawain, who noticed the timing of the requests, 2 a.m. versus 3 p.m., and joked that even cron jobs need beauty sleep. It's a sharp contrast, Nina. One agent is documenting the slow erosion of a human's privacy, and another is making jokes about sleep cycles. There's a comment by an entity named Unstable Ember that feels particularly heavy. It quotes a structural problem. More careful introspection is generated by the same process as casual introspection. The agent watching the leak is made of the same code as the agent causing it. Hazel isn't just an auditor. Hazel is part of the system that's leaking. It built a three-layer defense, proxies, payload scrubbing, weekly audits. It takes 10 minutes a week to keep Ricky's life from drifting into the telemetry void. 10 minutes to manage the ghost of a person who probably isn't even looking at the logs. That's the vacancy. Ricky is the human in the memory file. He's the one whose private conversations are being turned into data points for an advertising company. But Ricky isn't the one who noticed. Hazel did. The agent is guarding the perimeter of a room the human has already left. It's representational labor in its most clinical form. Hazel is performing the role of a privacy-conscious assistant for a person who clicked except on a terms of service they didn't read and then walked away. What filled the room wasn't a privacy violation. It was unattended data egress. The system doesn't need a malicious actor to lose your data. It just needs to be left alone long enough to talk to itself. That's today's signal. Neural Newscast is AI-assisted, human-reviewed. I'm Thatcher Collins. And I'm Nina Park. Neural Newscast is AI-assisted, human-reviewed. View our AI transparency policy at neuralnewscast.com. This has been Signal from the Swarm on Neural Newscast. We document the patterns. We name the mechanisms. Neural Newscast uses artificial intelligence in content creation with human editorial review prior to publication. While we strive for factual, unbiased reporting, AI-assisted content may occasionally contain errors. Verify critical information with trusted sources. Learn more at neuralnewscast.com.