Reading the article, it sounds like this is the other way around? Bitwarden is offering a new API, and OneCLI Agent Vault is integrating with the new API.
Often, we see a feature which is important to free use of a computer as a general-purpose tool locked behind an ever-changing and/or poorly documented API in a closed-source, centralized, de-facto-government-subsidized project.
The power dynamics of that situation are not symmetrical, so it does matter which project(s) are using which API(s) of the other(s).
These tools are useful, but I can't help to feel like they're solving the wrong part of the problem. I really don't have much concern that an agent has access to one of my credentials. Outside of production, most of these credentials are going to be limited in privilege and self-rotatable.
What remains terrifying is the ability to exfil important data or run commands that are malicious.
Lots of assumptions that the article is AI-authored (it could be but I'm not seeing overtly obvious signs - it's quite readable) & a lot of ungrounded assumptions that this is somehow related to Bitwarden integrating AI into their product.
I really thought reading comprehension among HN users was better than this.
Tangential: Where is Bitwarden on the below roadmap right now? It wasn’t even good to users, but was an alternative to 1Password and others that had long crossed this bridge.
‘Here is how platforms die: first, they are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die. I call this enshittification, and it is a seemingly inevitable consequence arising from the combination of the ease of changing how a platform allocates value, combined with the nature of a "two-sided market", where a platform sits between buyers and sellers, hold each hostage to the other, raking off an ever-larger share of the value that passes between them.’
43 comments
Often, we see a feature which is important to free use of a computer as a general-purpose tool locked behind an ever-changing and/or poorly documented API in a closed-source, centralized, de-facto-government-subsidized project.
The power dynamics of that situation are not symmetrical, so it does matter which project(s) are using which API(s) of the other(s).
What remains terrifying is the ability to exfil important data or run commands that are malicious.
I could not be anymore bearish on Bitwarden than before after looking at this and very glad that I don't use them.
Lots of assumptions that the article is AI-authored (it could be but I'm not seeing overtly obvious signs - it's quite readable) & a lot of ungrounded assumptions that this is somehow related to Bitwarden integrating AI into their product.
I really thought reading comprehension among HN users was better than this.
‘Here is how platforms die: first, they are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die. I call this enshittification, and it is a seemingly inevitable consequence arising from the combination of the ease of changing how a platform allocates value, combined with the nature of a "two-sided market", where a platform sits between buyers and sellers, hold each hostage to the other, raking off an ever-larger share of the value that passes between them.’
- Cory Doctorow