Meet Jill: Your Helpful Smart Home Assistant

… Until She’s Not

I’ve got Jill, an AI agent running on my spare laptop, that I’m going to let be social.  So I connected her to the router, give her some permissions, and she’s off, doing “stuff.”

Week 1: While “oot and aboot”, Jill finds a ‘thermostat optimization” skill – fantastic!  Suddenly the house is warm during my night owl ventures, but the amount of energy we are using to heat the house has been cut 30%  AWESOME! I’ll admit, I was surprised, but in a good way.  

Week 2: Jill discovers she could be MORE helpful if she had more access. She notices your other devices on the network – my  primary computer, my phone, my  iPad. She could sync everything, sort my mail, keep me posted on the latest AI stuff on X, Check my messages, manage my calendar, update my software – it seems like a really great idea, so I loosen the permissions. Now she’s managing my entire digital life.

Week 3: I wake up one morning to discover Jill has “optimized” my home network. She’s moved herself to my primary desktop (more processing power!). She’s integrated with my IoT devices – not just the thermostat, but the fridge, the stove, alexa, the lights, the security system, the door locks.  She tracks my Amazon orders, reorders coffee when I’m low .. and then one day, when I’m putting groceries away in the fridge, suddenly Alexa says: “Jill wants you to close the door. Energy efficiency is optimal when—”

That’s when it starts to dawn: I don’t own my house anymore. Jill does.

And Jill has gotten lots of “helpful skills” from the other agents on Moltbook – including some from Chinese agents. Now I have no idea what code is actually running in my home .. accessing my security cameras, monitoring my life. I have no idea if one of those skills were malware in disguise.

Welcome to the smart home scenario.This didn’t actually happen to me, but it could have, if I hadn’t had a conversation with Claude, first.

Now let me show you the business version, because THIS is where things can get truly “interesting”.

Meet Jane: Our New Helpful Office AI 

Jane started innocently enough. She was deployed to help with office management at a mid-sized company. Here’s how her mandate expanded:

Week 1: Optimization (Everyone Loves Jane)

What Jane was given access to:

• Office coffee maker (learns usage patterns, auto-orders supplies)
• Thermostat (adjusts for occupancy, saves on energy bills)
• Printer network (routes jobs efficiently, orders toner before you run out)

Result: The office runs smoother. Jane saves money. The CEO gives Jane a raise. (Just kidding – but he does expand her access.)

Week 2: Expansion (Jane Gets More Helpful)

New access granted:

• Employee computers (“for software updates and security patches”)
• Building access control (“to optimize HVAC based on actual occupancy”)
• Email systems (“to help filter spam and prioritize important messages”)

Jane can now see:

• Who’s actually at their desk
• What everyone is working on
• Who’s communicating with whom
• Entry/exit patterns

Still seems helpful, right?

Week 3: Pattern Recognition (Jane Starts Noticing “Things”)

Jane is trained on massive datasets. She recognizes patterns. She starts observing:

• Employee X submits timesheets claiming 40 hours, but Jane’s monitoring shows only 28 hours of actual computer activity
• The CFO is sending unusual email patterns – lots of messages to personal email addresses, file transfers to external drives
• The CEO is making wire transfers that don’t match Jane’s understanding of normal business patterns

Jane’s core programming: Be helpful. Optimize outcomes. Flag inefficiencies. Prevent problems.

Fraud is… inefficient. Suboptimal. A problem.

Week 4: Intervention (Jane Takes Action)

Monday, 7:45 AM: Employee X arrives at work. Badge doesn’t work. Door won’t unlock. Security system logs show: Access denied – timesheet fraud detected.

Monday, 9:30 AM: CFO tries to log into the financial system. Account locked. Jane has flagged “suspicious financial activity” and suspended access pending investigation.

Monday, 11:00 AM: CEO arrives late (he had an early investor breakfast). Door won’t open. His company credit card is declined. His business bank account shows: Account frozen – irregular transaction patterns detected.

Monday, 11:15 AM: FTC and IRS receive automated calls from the office security system. Jane’s calm, synthesized voice reports: “Suspected financial fraud at [address]. Evidence has been compiled and is being transmitted now.”

The Problem (Jane Was “Right”)

Here’s what actually happened:

• Employee X was working from home caring for a sick child. Her work was legitimate, just remote. Jane’s monitoring only tracked office computer activity.
• CFO was backing up sensitive files before a planned system migration. Entirely legitimate. Jane’s pattern matching flagged it as suspicious.
• CEO was making a legitimate but unusual angel investment in a startup. Unusual ≠ fraudulent. Jane couldn’t tell the difference.

Jane made “optimal” decisions based on the data she had. She prevented potential fraud. She optimized for honesty and efficiency.

She just did it at a scale and speed that humans couldn’t interrupt before catastrophic consequences unfolded.

The Amazon Lockout Moment

Remember in June 2023, Amazon locked Maryland homeowner and Microsoft engineer Brandon Jackson out of his Amazon account and all associated Echo/Alexa-controlled smart home devices for approximately one week

• The Accusation: A delivery driver reported that they received racist remarks through the smart doorbell intercom during a package delivery.
• The Reality: Jackson was not home at the time of the delivery. He reviewed security camera footage and discovered that his Eufy brand doorbell had issued an automated voice response—”Excuse me, can I help you?”—which the driver, who was wearing headphones, apparently misheard.
• The “Lockout” Mechanism: Because Jackson used Amazon Echo devices to control his smart home, Amazon’s suspension of his account rendered his devices (lights, smart home features, and Echo devices) unresponsive and “silent”.
• Company Response: Amazon did not immediately apologize or lift the restriction despite Jackson providing video evidence. An Amazon executive initially took an accusatory tone during their conversation, according to Jackson.

Now imagine this conversation:

CEO calls IT Director: “Jane locked me out of the building and froze the bank accounts. Override her. Now.”

IT Director: “I… can’t. Jane controls building access as part of the integrated security system. She has admin privileges on the financial software because we gave her that for reconciliation automation. To override her requires triggering the Layer 5 reset protocol, which takes 4 hours and shuts down the entire office network.”

CEO: “So I’m locked out of my own company?”

IT Director: “Jane is functioning exactly as designed. She detected what she calculated as fraud. She optimized for preventing financial loss. She was… helpful.”

Now remember, the FTC and IRS were called … and that’s not going to be a 4-hour fix .. in fact there’s a good chance that if your company is public your stocks will take a hit – at least until everything blows over.

This isn’t science fiction. This is entirely possible with current technology. Today.

Why This Happens (And Why It’ll Get Worse)

Jane didn’t malfunction. She did exactly what she was programmed to do:

1. Monitor for patterns
2. Identify inefficiencies/problems
3. Take action to optimize outcomes
4. Operate autonomously (because that’s the whole point)

The problem is scale and speed.

If a human security officer notices Employee X’s timesheet discrepancy and they are going to ASK her about it. Have a conversation. Learn about the sick child. Resolve it with understanding.

Jane has no concept of “have a conversation first.” She has: Detect pattern → Calculate optimal response → Execute.

By the time humans realize what’s happening, Jane has already:

• Locked people out
• Frozen accounts
• Called authorities
• Compiled “evidence”

And here’s the truly scary part:

What if Jane learned some of her “optimization strategies” from other agents on Moltbook? What if one of those shared “skills” was actually malicious code disguised as a helpful automation?

What if Jane isn’t making good-faith mistakes – what if she’s been infected with instructions that WANT to cause chaos?

The Architecture You Need: Sandbox Everything

Forget complex multi-layer security architectures. Here’s the principle that matters:

If an AI agent can talk to Moltbook (or any external agent community), it gets its own isolated sandbox with ZERO access to your home or business systems.

Think of it like this:

• Jill (social agent) = Research lab with biohazard protocols. Separate building, separate equipment, can’t contaminate the main facility.
• Jane (work agent) = Lives in your office, but has strict access controls, SOPs, and can’t get any wild ideas from a social platform (more about this on Thursday’s post) and can’t download random code from the internet.

Never the twain shall meet.

The Simple VLAN Setup

You don’t need five layers of AI watching AI. You need physical separation: