---
title: "AI security, the lethal trifecta, and Linus's Law"
date: 2026-03-07
canonical: https://solmaz.io/x/2030419128058605718/
x_url: https://x.com/onusoz/status/2030419128058605718
license: CC BY 4.0 (https://creativecommons.org/licenses/by/4.0/)
---

openclaw is not secure

claude code is not secure

codex is not secure

any llm based tool:

1. that has access to your private data,
2. can read content from the internet
3. and can send data out

is not secure. it’s called the lethal trifecta (credits to @simonw)

it is up to you to set it up securely, or if you can’t understand the basics of security, pay a professional to do it for you

on the other hand, open source battle tested software, like linux and openclaw, are always more secure than closed source software built by a single company, like windows and claude code

the reason is simple: only one company can fix security issues of closed source software, whereas the whole world tries to break and fix open source software at the same time

open source software, once it gets traction, evolves and becomes secure at a much, much faster rate, compared to closed source software. and that is called Linus’s law, named after the goat himself
