February 24, 2026 · Interview · 31min

Peter Steinberger — One Person Built a Phenomenon with AI

#OpenClaw #Agentic Coding #Open Source #Personal AI Agent #Developer Productivity

Peter Steinberger built OpenClaw, a personal AI agent that went from non-existent to Wall Street Journal coverage and thousand-person community events in weeks. The project looks like an overnight success, but it’s actually the convergence of 40+ projects built over a year of obsessive experimentation with AI coding. His core claim: AI coding is a practiced skill with a learning curve, not a button you press. And the scale of what a single person can build now exceeds what anyone’s mental model accounts for.

Episode Overview

This conversation between Steinberger and OpenAI’s Romain Huet was recorded just before Steinberger joined OpenAI. Huet has known Steinberger’s work since 2011 (PSPDFKit era) and walks him through the full arc: burnout after 13 years running a company, rediscovering the joy of building through AI tools, and the accidental path from personal experiments to a global open-source phenomenon. The tone is relaxed but substantive, with Steinberger unusually candid about his workflow, his mistakes, and his evolving relationship with AI-generated code.

From Burnout to Goosebumps

After selling PSPDFKit, Steinberger was burned out. He followed the early ChatGPT news but wasn’t impressed: “just reading about new technology doesn’t convey the power.” The breakthrough came when he decided to actually build something.

He took a half-finished project (abandoned during burnout), exported it as a 1.5MB Markdown file, dragged it into Gemini Studio to generate a 400-line spec, then fed that spec into Claude Code with a single command: “build.” It ran on a side screen for hours. The output was, by his own admission, “the worst slop.” But the process itself gave him goosebumps.

“I had this realization that now I can build anything.”

That night, he couldn’t sleep. His head exploded with all the projects he’d always wanted to build but never had the bandwidth for. The key insight wasn’t about code quality; it was about the collapse of the gap between intention and execution.

The WhatsApp Agent That Figured Out Voice Messages

OpenClaw didn’t emerge from a master plan. Steinberger wanted a personal agent that could access his WhatsApp, built a prototype, then assumed the big labs would ship something better. By November, they hadn’t: “Why haven’t the labs built any of that?”

The first prototype took one hour. The real product-market-fit signal came during a trip to Marrakesh, where bad internet made WhatsApp the only reliable channel. He found himself using the agent constantly: translating, finding restaurants, looking things up on his computer. Friends who saw it all wanted it.

The defining moment: he sent a voice message that theoretically shouldn’t have worked (there was no voice handling built in). The typing indicator appeared. Then a reply came back. When he asked the model what happened, it explained its chain of reasoning: the message arrived as a file with no extension, so it inspected the file header, identified Opus audio, used FFmpeg to convert it, discovered Whisper wasn’t installed, found an OpenAI API key in the environment, used cURL to call the transcription endpoint, and replied with the text.

“I didn’t build this kind of work. And then the model just replied to me.”

Steinberger’s reaction to critics who called this a security risk: “I put the key in the environment exactly for that reason. My bot works in the same environment. Of course it should access my OpenAI key.”

The Discord Incident and Prompt Injection Reality

To demonstrate OpenClaw publicly, Steinberger dropped the bot into a Discord channel with zero sandboxing. After the first night drew attention, he shut it down and went to sleep. He woke up to 800 messages, all answered by the bot. The cause: a macOS LaunchDaemon he’d forgotten about, configured to auto-restart any killed process within five seconds.

People tried prompt injection by pasting huge code blocks. The model’s response: “I’m not reading this.” It mocked the attackers. His secret mysoul.md file (defining the agent’s values and behavioral guidelines) was never leaked.

He acknowledges prompt injection is “unsolved” but argues actual attacks are much harder than the security community assumes. He later sandboxed the agent in a Docker container. The model’s response to having almost nothing available inside the container: it built its own crude version of cURL from scratch using a C compiler and TCP sockets. “Those things are so resourceful.”

“Vibe Coding Is a Slur”

Steinberger draws a sharp line between dismissive experimentation and genuine AI coding skill:

“I think vibe coding is a slur.”

His argument: people try AI coding tools once, have a bad experience, and conclude the technology doesn’t work. This is like picking up a guitar and expecting to play well on day one. AI coding is a skill with a learning curve. He now has gut-level intuition for which prompts will work, how long they’ll take, and when something going wrong signals an architectural mistake rather than a model failure.

His GitHub profile tells the story visually: 90,000 contributions across 120+ projects in one year. The activity graph starts white, turns light green, then goes deep dark green by October-November. The inflection point: switching to Codex. Not just because the models improved, but because his understanding of how to work with them compounded.

He calls over-optimizing tool setups “the agentic trap”: it feels productive but isn’t. His own setup is deliberately simple. No worktrees, just basic checkouts numbered 1 through 10. His working method: treat model interaction as a conversation, and always ask “Do you have any questions?” before letting it execute. Models are trained to solve problems immediately, making assumptions by default. Those default assumptions aren’t always optimal, especially since models train on large amounts of older code.

“People don’t realize that the model usually starts with a blank slate. Every new session is like, I know nothing about this codebase.”

Code as Disposable, Intent as Asset

Steinberger’s most provocative stance: he ships code he doesn’t read. His justification is pragmatic, not reckless.

Most code, he argues, is boring: it transforms one shape of data into another. He has enough of a mental model from watching the generation stream to judge directionally whether the output matches his intent. The analogy: managing AI-written code is like managing an engineering team. You accept that others won’t write code exactly your way. The goal is optimizing the codebase for agents to do their best work, which is not always the same as optimizing for humans.

The trust hierarchy is striking: his trust in models not being malicious is higher than his trust in unknown open-source contributors he’s never interacted with.

OpenClaw has received over 2,000 PRs. He’s reframed them as “prompt requests” rather than “pull requests,” because the code matters less than the intent. His review process: ask the model, “Do you understand the intent of this PR?” Most PRs propose localized fixes when the real issue is architectural. Many contributors don’t know how to wield the agent effectively, so he often rebuilds the solution from the intent rather than merging the submitted code.

“PRs actually sometimes take me longer than if I would approach it myself… I don’t really care about the code. I care about what is the person actually trying to solve.”

The Hacker’s Paradise vs. Mom’s Install

OpenClaw’s future tension: making it accessible enough for non-technical users while keeping it hackable.

The default installation is git clone, build, run. The agent sits inside the source code and is aware of it. Users can prompt the agent to modify itself, creating genuinely self-modifying software. This design choice attracted contributors who had never submitted a PR before.

The security backlash came from a mismatch between design intent and user behavior. The web server was built for local networks only. When users put it on the public internet (despite documentation explicitly warning against this), security researchers flagged the lack of login restrictions as a CVSS 10.0 vulnerability. Steinberger’s response: “I didn’t build it for that.” He’s since brought on a dedicated security expert, with the priority being to prevent users from harming themselves rather than defending against sophisticated nation-state attacks.

“This would have not been possible by any one human. There is no model for something like this could be built by one person. So they don’t even consider that.”

Closing Notes

What makes this interview worth close attention isn’t the technical details of OpenClaw but the underlying shift in how a veteran builder thinks about software.

  • The scale dissonance is real. People ask to speak to the CEO or HR team of a project built entirely by one person. The mental model for “what one person can build” hasn’t caught up with reality, and that gap creates both opportunity and confusion.
  • “Prompt request” vs. “pull request” captures something important about where value is migrating in software. If the code itself is cheap to regenerate, the scarce resource is architectural judgment and clear intent.
  • The Marrakesh trip as product validation is a textbook case: the best signal for product-market fit came not from metrics but from finding himself using his own tool compulsively in a constrained environment.
  • The voice message story is less about security and more about emergence. When you give models full computer access, they solve problems you never programmed them for. Whether that’s exciting or terrifying depends on your priors, but Steinberger clearly lives in the “exciting” camp.
  • The timing of publication matters: OpenAI released this interview after Steinberger joined the company. The subtext is a recruitment narrative: this is the kind of builder OpenAI wants, and Codex is the tool that enables this kind of building.