I've previously written about the cost and power structure of edge AI. Recently, while talking with a friend in the hardware business, I ran into a problem: they've been hesitant to bring edge devices pre-installed with AI Agents to market. They're afraid something will go wrong, afraid users will mess something up with the Agent and come back to blame them.
The more I thought about it, the clearer it became: what they fear isn't security, it's law.
The Agent Is No Longer Just a Tool
Traditional software is a tool. If you cook the books with Excel, nobody sues Microsoft. Tools don't bear responsibility; the human is the legal subject.
Agents are different. You give it a vague instruction like "help me make money," and it decides how to proceed on its own. It plans the path, executes, and adjusts when it hits obstacles. It's not running scripts; it's making decisions.
A computer plus an AI Agent constitutes both the instrument and the subject of an act, all in one. Legally, we've never encountered this before.
Selling a House vs. Renting It
You sell a house with a computer inside and hand over the keys. A year later, the buyer uses that computer to commit a crime. Are you liable?
No. The asset has been transferred; it's no longer your concern. As long as you guaranteed it was functioning properly at sale, free of malware, and provided adequate risk disclosures, that's sufficient.
Now flip the scenario. You rent out the same house with the same computer, and the tenant uses it to commit a crime. Are you liable?
Yes. It's your asset, your space, and you have a duty of oversight. When something happens, you bear joint liability.
Selling and renting are entirely different matters in law.
Edge devices are sold to you. Cloud services are rented to you.
Selling Cigarettes vs. Running a Smoking Den
Let's be even more blunt.
What does a cigarette seller have to do? Print "Smoking is harmful to health" on the package. You bought it, you smoked it, you got sick—don't come blaming me. I warned you. It's a one-time transaction; liability ends there.
What about the den operator? You're in my establishment, using what I provide. If something happens, I'm an accomplice. You supplied the venue, the tools, the product, and you took money. You were involved the whole time.
Think about what cloud vendors are doing. They treat compute as a venue, rent you the AI Agent, and throw in the network, browser, and various APIs. They charge by the hour.
How is that any different from running a den, legally speaking?
One Hundred Little Brothers
Here's another example.
Imagine I have 100 little brothers. They're obedient but capable of independent judgment—not robots. I rent them out for 100 bucks a month each. Someone rents ten of them and says, "Help me make money," nothing more. My brothers figure out what to do on their own, and one of them, not the sharpest, commits a crime.
Sue the renter? He says, "I just said 'help me make money,' I didn't tell him to break the law." Sue the brother? He lacks independent legal standing. So it comes back to me. The 100 brothers are mine; I rented out autonomous agents, and I'm responsible for their actions.
This is exactly the logic cloud vendors face when deploying AI Agents. The Agent runs on your servers, using your IP. When something goes wrong, the end of the liability chain is you.
No Need to Imagine—It's Already Happened
There was once a platform called Kuai Gou Da Che (a Chinese crowdsourced freight platform). Someone deliberately placed an order with the address set to Tiananmen Square and the note saying "transporting bombs." The platform didn't catch it, the order went through, and state security called the company directly.
In that scenario, the vehicles weren't the platform's, the drivers weren't the platform's, and the platform was just a matchmaker. Yet joint liability was already severe.
Now imagine: the Agent is yours, the compute is yours, the network is yours, the browser is yours, and you don't even fully know what users are telling the Agent to do. How heavy is that liability?
Someone might use an Agent for gray-market activities, gambling, or politically sensitive operations. Some people might even be deliberately baiting you to tarnish your reputation. You can't withstand the scale—millions of instances. Even a few malignant incidents out of millions, how do you cover that?
Two Dead Ends
Cloud vendors are ultimately left with only two choices.
One is to regulate extremely strictly. Politically sensitive topics, gray areas, any operation with a hint of risk—all blocked, stricter than today's large language models. Keep locking things down until you realize the Agent can't do anything anymore.
The other is to factor risk into the price. When a malignant incident occurs, you have to compensate and cover the loss. Spread that cost across pricing until it becomes unaffordable for ordinary people.
Too strict, and nobody wants to use it. Too expensive, and nobody can afford it.
The Legal Advantage of the Edge
The device is sold to you. The asset is yours, the liability is yours. The vendor's obligation is to provide adequate risk disclosures, guarantee the hardware functions properly, and offer basic operational support. It's like selling a security door: I'm responsible for the quality of the door, but not for the two million dollars in your safe. If you think that two million is important, you should spend two hundred thousand on a good door and hire two guards, not sue me over a two-thousand-dollar door.
The Agent runs on your own machine. What you do with it is your responsibility. The vendor doesn't need to monitor you or censor you.
OpenClaw's architecture also fits this logic. Backend tools all run on localhost, and the Gateway has only one opening to the outside world via persistent IM connections. It's not exposed on the public internet; outsiders can't reach you at all. Security becomes an architectural matter, not a managerial one. I've discussed OpenClaw's security in more detail in another article.
Rights and responsibilities converge on the device owner. Legally, that's the cleanest structure.
Regulation Is Coming
AI Agent regulation is coming sooner or later; it's only a matter of time.
The core question is: how do you draw the line on Agent liability? Simple: whoever owns it is responsible for it. Just like your car—if someone else drives your car and hits someone, the owner still bears partial liability.
Once this logic is established, edge devices become the biggest beneficiaries. The device belongs to you; ownership is unambiguous.
Meanwhile, the cloud model has the Agent's capabilities in the vendor's hands, the instructions in the user's hands, and data on both sides. When something goes wrong, who is it on? It's unclear. And ambiguity is the most dangerous thing in the eyes of the law.
Three Threads, One Direction
The first article covered cost: the TCO of edge devices is being dramatically reduced by AI-driven operations. The second covered power: privatizing compute is a check against cloud monopoly. This third one fills in the legal gap: the legal structure of the edge is an order of magnitude cleaner than that of the cloud.
All three threads point in the same direction: the destination of AI Agents is not in the cloud, but at the edge.
Every individual, every household, every business may need their own small server. Cheap, stable, running 24/7. Your machine, your rules.