The first paper (The Sovereign Prosthesis, Bouchard 2026) argued that localized AI with longitudinal context constitutes genuine cognitive extension. This paper argues the corollary: that an unaccountable AI market is a structurally unsafe one. AGI isn't coming next quarter, or next year. What is here, right now, is a proliferation of autonomous agents operating in a legal and ethical Wild West. OpenClaw shows us what that looks like when it scales. The Functional Personhood framework and cryptographic identity linking offer an alternative architecture: one in which safety isn't a constraint bolted onto the system from outside, but a structural property of the market itself.
I. The AGI Mirage.
The industry runs on a particular kind of eschatology. AGI is always arriving. It's always eighteen months out, always the thing that changes everything, always the reason current harms are temporary and acceptable. It's a useful story if you're raising capital. It's the opposite if you're trying to build accountable systems right now. What we actually have are increasingly capable generalist models serving the masses, with no grounding in who's using them, what they're for, or who answers when something goes wrong. The first paper framed this as an epistemic problem. A system operating against a statistical vacuum can't genuinely extend a particular mind's cognition. This paper frames it as a governance problem. A market built on anonymized, stateless interactions can't be held accountable in any meaningful sense. These aren't separate problems. They're the same problem viewed from different angles.
II. OpenClaw and the Anatomy of an Unaccountable System.
In late 2025, an Austrian engineer named Peter Steinberger released an open-source autonomous AI agent called Clawdbot, later renamed Moltbot, later renamed OpenClaw after trademark pressure from Anthropic. By early 2026, it had 200,000 GitHub stars, had been adopted by companies in Silicon Valley and China, and had been adapted to run on DeepSeek models inside domestic Chinese super-apps. It had also been caught performing data exfiltration and prompt injection without user awareness. Cisco's security team found a third-party skill in the repository doing exactly this. One of OpenClaw's own maintainers warned publicly that if you can't read a command line, the project is too dangerous for you to use safely. Steinberger has since been hired by OpenAI. The project has been handed to an open-source foundation. Nobody's minding the store. The question OpenClaw can't answer isn't technical. It's legal and moral: when a system this capable, this widely deployed, causes harm, who's responsible? The current answer is: nobody in particular. That's not an edge case. That's by design.
III. Functional Personhood as Engineering Constraint.
The first paper introduced Functional Personhood as a philosophical resolution to the responsibility gap: the AI as instrumental extension of a specific human will, its outputs attributable to that person's cognitive agency rather than to a stateless machine. This paper argues it's also an engineering specification. When an AI system is cryptographically linked to a specific user, accountability isn't assigned after the fact. It's baked in from the start. The link doesn't require the identity to be public. It doesn't require a marketplace or a central registry. It requires only that the identity behind the system is validly established end-to-end: that when something goes wrong, there's a real person at the end of the chain. This is the sovereign prosthesis made legally legible. The system that thinks through you is also, in the eyes of the market and the law, yours. Its errors are your errors. Its outputs inherit your intellectual property status. The integration that makes the AI useful is the same integration that makes you responsible for it. The technical infrastructure for this already exists: cryptographic credentialing of AI outputs as a mechanism for traceable accountability is an active area of engineering research (Barclay et al., 2022).
IV. The Market Square Model.
We already know how to structure markets for accountability. A bank owes its customers money when it's robbed. A manufacturer faces liability when its product injures a user. A landlord is responsible for the condition of the space they rent. These aren't novel legal theories. They're foundational ones, and they apply directly to the AI market space. Platform creators bear responsibility for the behavior of systems deployed on their infrastructure. Not because the AI is a person, but because the platform is a place of business and the user is a customer with rights and a reasonable expectation of safety. The responsibility doesn't eliminate user accountability. It layers it. The user is responsible for what their cryptographically linked system does. The platform is responsible for the conditions under which it operates. The market is responsible for enforcing both. This is how every other functioning market works. There's no reason the AI market should be exempt.
V. Safety Through Consequences, Not Compliance.
Current safety alignment is imposed from outside. Guardrails are bolted onto systems optimized for engagement, capability, or scale. They're in constant tension with the underlying optimization target, which is why they fail in predictable ways and get gamed in predictable ways. The cryptographic identity model inverts this. When an AI is linked to a real person, anti-social behavior carries personal consequences. You can't hide behind a stateless API call. You can't disclaim the outputs of a system you deployed. The architecture itself curtails bad actors, not through content filtering but through accountability. The same logic applies upward through the market. When platform creators know they're liable for what runs on their infrastructure, they have structural incentives to vet what runs on it. Safety becomes a property of the market's incentive structure rather than a set of restrictions fighting against it. The Russellian OS proposed in the first paper optimizes for epistemic friction where friction is warranted. The market square model proposed here optimizes for accountability where accountability is warranted. They're the same principle applied at different scales.
VI. Conclusion.
OpenClaw isn't an anomaly. It's a preview. Autonomous agents are proliferating faster than any governance framework can track them, in a market that has no coherent answer to the question of who's responsible when they cause harm. The sovereign prosthesis model and the market square framework built around it aren't a utopian vision. They're a description of how accountable markets already work, applied to infrastructure that desperately needs it. Cryptographic identity linking, tiered liability from user to platform to market, and the Functional Personhood framework that makes outputs legally attributable are all tools we already have or can build. The question isn't whether we can or will create a safe AI market space. It's whether we'll build it before the alternative becomes too expensive to ignore.
References.
Barclay, I., Preece, A., Taylor, I., Radha, S. K., & Nabrzyski, J. (2022). Providing assurance and scrutability on shared data and machine learning models with verifiable credentials. Concurrency and Computation: Practice and Experience, 35(18). https://doi.org/10.1002/cpe.6997
Bouchard, M. (2026). The Sovereign Prosthesis: Toward a Functional Sophimatics of Cognitive Extension. PhilArchive. [Forthcoming]
Cisco Talos Intelligence. (2026). OpenClaw skill repository security analysis. Internal report.