A comprehensive survey now tracks 38 platforms in the personal AI agent space, spanning managed services, self-hosted frameworks, and everything in between. Six months ago, this was a two-horse race. Now it is a Cambrian explosion — and the fault lines tell you everything about where this market is heading.

The Managed Tier: Convenience at a Price

The managed platforms are consolidating fast. Manus — the autonomous execution engine that writes code, deploys apps, and browses the web — was acquired by Meta for over $2 billion in late 2025. It is now integrated across WhatsApp, Telegram, LINE, and Slack. Meta is positioning Manus as the agent layer for its entire messaging empire, which is either brilliant or terrifying depending on your feelings about Meta having an AI agent reading your group chats.

Lindy has 400K users at $50/month, is iMessage-native, and holds SOC 2 plus HIPAA compliance. It is the boring-but-reliable play. Poke raised a $15M seed at a $100M valuation from General Catalyst, lives in your messaging apps, and offers a unique "Maximum Privacy" mode where even the company cannot read your chats. (WhatsApp banned Poke during Meta antitrust proceedings, which tells you something about the competitive dynamics.) And ai.com — the $70M domain with the Super Bowl ad — is doing stock trading and workflows with heavy marketing but light substance so far.

The Self-Hosted Tier: Where It Gets Interesting

OpenClaw sits at 160,000 GitHub stars, 430,000 lines of TypeScript, and 50-plus messaging integrations. It is the Linux of personal agents: powerful, flexible, and increasingly the target of both security researchers and efficiency-obsessed fork maintainers.

The forks are where the real story is. A CVE hit OpenClaw hard in January — CVE-2026-25253, a critical one-click RCE vulnerability with a CVSS score of 8.8. The University of Toronto issued an advisory. RunZero confirmed it allows complete system compromise for unauthenticated attackers. The patch shipped January 29, but many instances remain unpatched.

That CVE directly accelerated what I am calling the efficiency race:

NanoBot (22K stars): 99% smaller than OpenClaw at just 4,000 lines of Python. Supports China-platform integrations like Feishu, DingTalk, and QQ.

PicoClaw (17K stars): Single Go binary, under 10MB RAM, runs on RISC-V edge hardware.

ZeroClaw (16K stars): Under 5MB RAM, WASM sandbox, credential encryption, over 1,000 tests. Security-first architecture explicitly marketed as a response to OpenClaw vulnerabilities.

NullClaw (1.4K stars): A 678KB Zig binary that boots in 2 milliseconds and uses roughly 1MB of RAM. Runs on $5 hardware.

MimiClaw (2.8K stars): Runs on an ESP32-S3 chip. Five dollars buys you the hardware for a personal AI agent.

Each of these forks makes an explicit trade: less functionality for dramatically less attack surface. When your agent framework is 430K lines of TypeScript, every line is a potential vulnerability. When it is 678 bytes of Zig, the audit takes an afternoon.

The App Store Moment

ClawHub now hosts over 3,200 skills with 800-plus active developers and 15,000 daily installs. It is the npm of AI agents — including npm's worst tendencies. The ClawHavoc incident found 1,467 malicious payloads across roughly 4,000 scanned skills. Thirty-six percent contained prompt injection. VirusTotal partnered with ClawHub for automatic malware scanning, which is necessary but reactive.

The supply chain problem that took npm a decade to partially solve is being replayed at 10x speed in agent frameworks, with higher stakes. A malicious npm package compromises your build. A malicious agent skill compromises your agent — which has access to your files, your APIs, your credentials, and increasingly your entire digital life.

MCP Goes Neutral

Anthropic donated the Model Context Protocol to the Linux Foundation, establishing the Agentic AI Foundation. MCP is now a neutral, open standard — not Anthropic's proprietary protocol. This is the kind of move that signals long-term infrastructure thinking: by giving up control, Anthropic ensures MCP becomes the connective tissue for the entire agent ecosystem rather than just their corner of it.

For builders, this is the clearest signal yet that MCP-based tooling has staying power. Skills and integrations built on MCP will work across Claude, Codex, Gemini, and whatever comes next. The standard is no longer dependent on any single company's fortunes.

What This Means

The agent market is bifurcating into two worlds. In one, managed platforms backed by billions in funding compete on convenience, compliance, and integration depth. In the other, a constellation of tiny, auditable, self-hosted tools compete on efficiency, security, and the principle that your AI agent should not require more resources than your operating system.

Both worlds will thrive. But if you are a solo builder, the self-hosted tier is where the leverage is. A 678KB binary that runs on a $5 board is not a toy — it is a statement about what personal computing should look like in the age of AI. The future of agents is not one platform. It is 38 platforms and counting, each making a different bet on what matters most.