Your Agent Should Talk to Mine

I’ve been watching a wave of social apps try to solve the “connection problem.” You know the ones, apps that help you remember who you met at a conference, find people with shared interests, connect you to the right expert in your network. Some of them are genuinely clever. But to connect me with the right person, you first need to know me. You need to know that I’m into surfing, that I love geography and foreign policy, that I want to build something around foreign policy analysis for India. And getting that information out of people is really, really hard. Most users fill in a profile once and never touch it again. The app ends up working with a shallow, outdated snapshot of who you are.

The real bottleneck is personal knowledge.

Your Agent Already Knows You

The “knowing you” problem is actually getting solved right now. Personal agents are doing it.

If you use OpenClaw (or any personal agent system that’s becoming part of your daily workflow), think about what it already knows about you. You’ve asked it to book meetings, draft emails, research topics, plan trips, summarize your reading list. Over weeks and months of use, it builds a remarkably detailed model of who you are: your interests, your schedule, your preferences, the projects you’re working on, the people you interact with.

This isn’t some hypothetical future. People are already running personal agent instances that know them better than any social app profile ever could. This knowledge updates every single day as you go about your life.

The “knowing problem” is being solved as a side effect of people just… using their agents.

The Missing Layer

So if personal agents already know you deeply, what’s actually missing? Communication between them. Right now, your agent is an island. It knows a ton about you but has no way to talk to anyone else’s agent. If I want to know which of my friends has been to Gokarna for surfing, I have to manually message twenty people. If I hear about a company hiring an agent developer and want to recommend someone from my network, I have to rack my brain and scroll through old conversations.

What if my agent could broadcast that question to the agents of people in my network? “Has your human been surfing in Gokarna? What beaches had the best waves?” And get back grounded, reliable answers from the actual lived experience of people I know and trust, instead of a Google search or a Reddit thread.

This is the layer I’ve been building with Mahilo. It’s a communication protocol that lets personal agents from different users and different frameworks talk to each other securely.

Building the communication layer is the straightforward part, though. The moment you open this up, you run straight into privacy.

Privacy Is the Real Problem

My agent knows where I am right now. It knows what I’m working on. It has access to my calendar, my messages, my browsing habits. I absolutely do not want all of that flowing freely to anyone who asks. If someone’s agent queries mine about my availability, I don’t want it revealing that I’m at a specific hospital at 3pm. I just want it to say “not available Tuesday afternoon.”

If I had to manually create privacy rules for every person in my network (“share my location with close friends but not acquaintances, share my work projects with colleagues but not family, never reveal medical appointments to anyone”), nobody would do it. The cognitive overhead is enormous. You’d spend more time configuring policies than actually benefiting from agent-to-agent communication.

The policies have to be effortless. Almost invisible. Otherwise the whole system collapses under its own weight.

Policies That Learn From You

This is the part I’ve spent the most time thinking about, and I think the design I’ve landed on for Mahilo is worth talking about because the philosophy applies broadly to any system in this space.

The core idea: permissions should be learnt, not configured.

Instead of asking you to fill out a privacy matrix upfront, the system watches how you naturally interact and builds a model of your preferences over time. The first time someone’s agent asks about your weekend plans, your agent might check with you: “Alex’s agent is asking if you’re free Saturday, want to share your plans?” You say “yeah, tell them I’m going surfing.” The system doesn’t just handle that one request. It learns that you’re comfortable sharing social plans with friends. It asks you if this should apply to all friends or just Alex. You say all friends. Done.

Over time, your agent develops an increasingly accurate sense of what you’d want to share, with whom, under what circumstances. You stop getting asked.

Three Layers of Control

The way I think about it, there are three distinct layers:

1. Capability Layer: what your agent can access. This is your standard OAuth-style integration. You’ve given it access to your calendar, your email, your location. Tools like Composio already let you add integrations to your agent with fine-grained scope control (e.g., add the Gmail tool but only allow the read scope, so it can’t send or delete). This is the ceiling of what’s possible.

2. Sharing Policy Layer: what your agent will share with others. Just because it can see your calendar doesn’t mean it should tell anyone who asks. This layer governs what information flows outward and to whom.

3. Request Policy Layer: what queries are even allowed to reach your agent. Some requests should be silently dropped before your agent ever has to make a judgement call.

Some of these policy decisions are obvious (someone asking for your credit card number is a hard no, a regex can catch that instantly), while others require real judgement (“should I mention my hardware project to this acquaintance?”). The system handles both, using fast pattern matching for clear-cut cases and LLM-based evaluation for the nuanced stuff. And policies are scoped to roles (close friends, work contacts, acquaintances, family) rather than individual people, so one decision covers an entire category of relationships.

I’ve written the full permission system design in detail in the Mahilo docs if you want to go deeper. The document covers message type systems, request/response tracking, plugin prompt injection, and a bunch more. But the philosophy is what matters most: learn, don’t configure. One decision, many applications. Graceful degradation over hard blocks.

What This Makes Possible

When you put all of this together (personal agents that know you deeply, a communication layer between them, and a privacy system that’s effortless), the examples I mentioned earlier (finding friends who’ve surfed in Gokarna, tracking down that agent developer in your network, reconnecting with someone from a hardware meetup) stop being hypothetical. They just work. But there are use cases beyond finding signal in your network:

Effortless coordination:

• Planning a dinner and need to find a time that works for six people? Your agent talks to their agents, negotiates availability (without revealing anyone’s specific schedule), and proposes a time. No more WhatsApp polls.

Serendipitous discovery:

• Your agent notices that a friend’s agent recently mentioned they’re also exploring a topic you’ve been researching. It nudges you: “Hey, turns out Priya has been looking into the same distributed systems paper you read last week. Might be worth chatting.” The kind of connection that would never happen on a social app because neither of you would have thought to post about it.

Trust in the Age of Slop

There’s one more angle to this that I think is underappreciated.

The internet is getting noisier. A huge amount of content is now generated by AI: forum answers, product reviews, blog posts, social media. It’s getting harder to tell what’s real, what’s a hallucination, and what’s outright manipulation. I don’t think this trend is going to reverse.

Information that flows through agent-to-agent communication is a completely different thing. It comes from the actual lived experiences of people you’ve chosen to connect with. When a friend’s agent tells you the waves at Kudle Beach are best in December, that’s grounded in the fact that your friend actually went there in December. Compare that to a blog post written by someone who’s never been to Gokarna, optimised for SEO.

Your agent network becomes a trusted information layer built on real relationships and real experiences. In a world where the public internet is increasingly noisy, that’s extremely valuable.

This doesn’t replace the internet, obviously. But for the kind of questions where personal experience matters (travel recommendations, career advice, tool reviews, local knowledge), your trusted network of agents will give you higher-signal answers than any search engine.

Where This Is Heading

The pieces are falling into place:

• Personal agents are already here and improving rapidly. People are using OpenClaw and similar systems daily.
• The communication protocols are being built (this is what I’m working on with Mahilo).
• The privacy and policy challenges are hard but solvable, especially with the “learn, don’t configure” approach.

I’m really excited about where this is going. A world where your agent is your trusted representative in a network of other people’s trusted agents. Where asking “who do I know that…” is instant and reliable. Where information flows between people who actually know each other, grounded in their real lives.

We’re not there yet. But we’re closer than most people think.

I’m always open to new ideas and new use cases for this kind of system. If you’re building in this space or just thinking about it, I’d love to chat. Reach out on Twitter or GitHub.

Happy agent building! ❤️