Who runs One Man Ops

Andres runs One Man Ops. Not a team. Not an agency. One operator with fourteen AI agents and the uncomfortable conviction that most people giving advice about autonomous systems have never actually run one.

The practice deploys security-isolated OpenClaw systems for business operations — the same architecture, the same isolation model, and the same oversight patterns that run this business every day. The sales pitch is the production system. There is no demo environment.

What is actually running

Fourteen agents across three coordinated systems, each with its own job and its own leash:

Every agent operates with scoped credentials, documented permissions, and its own failure boundary. One agent misbehaving is a Tuesday. One agent misbehaving with access to everything is a catastrophe. The architecture exists to keep Tuesdays from becoming catastrophes.

Failure modes nobody warns you about

Running multi-agent systems in production is an education in all the ways software can fail without raising its hand. Some highlights from the curriculum:

• Provider cooldown bugs that silently stall agent execution — no error, no timeout, just silence where work used to be
• Coordination loops where agents politely re-trigger each other forever, like two people holding a door open and neither one walking through
• Compaction amnesia — the LLM context window fills up, the platform summarizes it, and the agent forgets what it was doing mid-task. Solved with a three-layer memory architecture that writes state to disk before the platform gets a chance to erase it
• Edit race conditions during parallel execution, where two agents try to update the same file and the last one to save wins
• Silent cron failures — jobs that stop running with no error output, discoverable only when you notice the absence of results

These are documented in internal runbooks and inform every client deployment. The runbooks exist because each failure happened at least once in production. Some of them happened more than once, because operators are optimists.

The oversight model

The system runs with roughly three to five hours of daily operator involvement across all three layers. That includes reviewing intelligence briefs, approving execution gates, monitoring deployments, and intervening on exceptions.

This works because oversight is architectural, not manual. Approval gates, scoped permissions, failure boundary isolation, and automated monitoring do the heavy lifting. The operator focuses on decisions, not babysitting.

Full autonomy is not the goal. Observable, bounded autonomy with a human who can pull the brake is.

Security is the product

One Man Ops covers AI agent security as a core practice area:

• OWASP Agentic Security Top 10 — not as a checklist, but as operational reality
• OpenClaw-specific CVEs and rapid-response analysis — seven disclosed vulnerabilities covered within 48 hours of disclosure
• Prompt injection defense, MCP trust model analysis, and ClawHub supply chain risks
• Per-agent credential isolation, tool scoping, and monitoring architecture that treats every new permission surface as a risk decision

The security content on this site comes from operating a system that would be the first to suffer if the advice were wrong.

Why this exists

This started because the operator needed it. Not as a product idea. Not as a service concept. As a solution to the problem of running a business with AI agents that would not accidentally email a client's payment link to the wrong person, or post draft content to a live channel, or quietly stop working on a Thursday night with no indication anything was wrong.

The service exists because the architecture that solves those problems for one operator solves them for others — and most operators building with AI agents are not going to build this themselves. They should not have to.

Agencies sell what they can build. One Man Ops sells what it actually runs.