AI agents that can only do what you allow.
ConspiracyOS runs autonomous AI agents on your machine — each one scoped to only the tools, data, and network access it needs. Not by policy. By the operating system.
What can your agents do?
Each agent runs as its own Linux user with only the permissions it needs. Click to see what that means in practice.
Email Triage
Reads your inbox, flags urgent messages, drafts replies. Cannot send a single email — no SMTP access, port blocked by firewall.
Code Review
Reviews PRs and flags issues across your repos. Cannot push, merge, or approve — read-only git access, no write credentials.
Financial Analysis
Crunches spreadsheets and builds forecasts. Cannot access bank APIs or move money — zero network access, no credentials in scope.
Security Monitoring
Watches server logs and detects anomalies. Cannot modify systems or delete logs — read-only via ACLs, no SSH keys, no sudo.
Research Pipeline
Scraper, analyzer, and writer collaborate via inboxes. No agent can do another's job — separate users, separate networks, separate workspaces.
Competitor Monitoring
Tracks what competitors ship, publish, and price. Cannot post, comment, or interact — outbound only to approved domains.
Social Media Drafts
Drafts and schedules posts for one platform. Cannot access other accounts — scoped to a single API, one platform at a time.
Meeting Notes
Transcribes and summarizes recordings. Cannot access your files, calendar, or email — processes audio in isolation, outputs to its outbox.
How it works
1. Install
One command sets up ConspiracyOS on any Linux machine, Mac, or cloud VM.
curl -fsSL https://conspiracyos.com/install.sh | sh
2. Talk to your Concierge
Describe what you want in plain English. The concierge figures out which agents to create and how to wire them together.
conos "I need an agent that monitors Hacker News for posts about AI safety and sends me a daily digest"
3. Agents work autonomously
Your agents run 24/7, each with their own workspace and permissions. Check in when you want, or let them run.
conos status conos agent logs researcher
What makes this different?
Agents can't exceed their scope
Your email agent can read your inbox but can't send. Your code reviewer can read PRs but can't push. These aren't policies — the OS enforces them.
Compromised agents are contained
If an agent processes a malicious prompt, it still can't access other agents' data, modify its own permissions, or reach unauthorized services.
Your hardware, your data
Nothing leaves your machine unless you say so. No cloud vendor sees your prompts, your data, or your agents' output.
Bring your own model
Works with Claude, GPT, local models via Ollama, or any OpenAI-compatible API. Switch models without changing anything else.
Agents coordinate without sharing access
Agents hand off tasks to each other through scoped inboxes. The email reader can route to the email sender — but can't read the sender's drafts.
Self-healing verification
Automated checks verify every minute that all permissions, access controls, and firewall rules are correct. Drift is caught in under 60 seconds.