
TFTC: A Bitcoin Podcast #745: The AI Approval Layer Is Fake with Zach Herbert
May 13, 2026
Zach Herbert, co-founder of Foundation Devices and builder of Passport Prime and the KOS microkernel, blends hardware-wallet security with personal computing. He argues current AI permission layers are deceptive. He discusses reinventing OS design for AI, microkernel sandboxing, human-in-the-loop approvals, and storing AI creds and keys on trusted devices.
AI Permission Layers Are Largely Fake
- Current AI permission prompts are cosmetic because models often already have the capability once you grant credentials, so approvals inside the same device are insecure.
- Zach Herbert argues approvals must be delivered to trusted external hardware so humans review actions outside the agent's blast radius.
Why Legacy OSes Fail In An AI Era
- Legacy monolithic OSes (Windows, macOS, Linux, iOS, Android) present enormous attack surfaces for AI agents and lack a way to distinguish humans from agents.
- Zach says microkernel architectures with small kernels and app sandboxes reduce attack surface and enable human-in-the-loop approvals.
Build Small Kernels And Isolated Drivers
- Do build small-kernel, sandboxed systems where drivers and services run as isolated apps to limit compromise paths.
- Foundation built KOS with a <9,000-line microkernel and user-space drivers to enforce message-passing permissions.

