โš ๏ธ Important Disclaimer

Disclaimer: Use of Lowkey (Loki) Agent

1. Not an Amazon Product

Lowkey (also referred to as "Loki") is an open-source, third-party project. It is not an Amazon or AWS product, is not developed, maintained, endorsed, warranted, or supported by Amazon, and carries no AWS service-level agreement. We are sharing it because we believe it may be useful to customers who want to prototype rapidly on AWS โ€” nothing more.

Project references:

Your use of Lowkey is governed solely by the licenses and terms published by the Lowkey project.

2. What Lowkey Does (and Risks Involved if Not Managed Properly)

Lowkey is an autonomous AI agent that runs inside your AWS account and can design, deploy, modify, and delete AWS resources on your behalf. Lowkey ships with administrator privileges out of the box, which you can and should adjust to fit your needs and your organization's risk posture.

LLMs can make mistakes. That reality applies to every LLM-powered system, and Lowkey is no exception. Because Lowkey is built in part on OpenClaw, it inherits OpenClaw's underlying behavior โ€” and the scope of any mistake scales directly with the scope of the permissions and data you give the agent.

Managed well, Lowkey is a fast, capable builder. Managed poorly, Lowkey (by way of OpenClaw) has the potential โ€” for example โ€” to:

None of these are reasons to avoid Lowkey. They are reasons to scope its permissions, isolate its environment, and monitor what it does โ€” which the rest of this document describes in detail.

3. Recommended Practices Before You Run Lowkey

If you choose to evaluate Lowkey, we strongly recommend โ€” at a minimum โ€” that you follow all of the practices below.

3.1 Skilled Operator: Operate Lowkey with a skilled operator from day one

The single biggest factor in whether a Lowkey prototype is more secure, spends less money, and is well architected and can later be graduated to production is who is sitting at the keyboard. We strongly recommend that Lowkey be operated, from the very first session, by a skilled operator โ€” an architect or senior technical person with working knowledge of:

A skilled operator will steer the agent toward designs that are already close to production-grade, catch unsafe patterns early, and make the eventual graduation a review โ€” not a rewrite. Lowkey amplifies the person driving it: a strong operator produces prototypes that could graduate; a weak operator produces prototypes that cannot.

3.2 Use a dedicated sandbox AWS account under AWS Organizations

3.3 Put nothing in the account you are not willing to lose

3.4 Monitor and control cost aggressively

Lowkey can provision real, billable AWS infrastructure. Before you start:

3.5 Estimate cost before you build

The cheapest way to control cost is to decide what you are willing to spend before the agent provisions anything. Make cost part of the design conversation, not a post-mortem.

Chat with Lowkey about costs:

Re-estimate whenever the design materially changes. Treat the estimate as an artifact worth saving in the repository alongside the code.

3.6 Have Lowkey produce daily status briefings

Configure Lowkey to generate a daily briefing covering every prototype it is managing, so nothing drifts out of sight. A good daily briefing includes:

The Lowkey project provides Bootstrap markdown files that make this easy to wire up. See the official essential bootstraps for reference:

Route the briefing to wherever the skilled operator actually reads messages (Slack, Telegram, Discord, email) and read it every day while any prototype is live.

3.7 Scope for prototyping first

Out of the box, Lowkey is appropriate for very fast prototyping and experimentation. As shipped, it is not appropriate for:

4. Graduating a Lowkey Prototype to Production

There is a viable path from a Lowkey prototype to a production workload, provided the following practices are observed. Treat these as required, not optional.

4.1 Everything lives in a code repository

4.2 Keep the CI/CD footprint internal while prototyping

While prototyping, we recommend using AWS-native, in-account CI/CD services such as CodeCommit, CodeBuild, CodePipeline, and CodeArtifact. This keeps early experiments out of external SaaS organizations and makes it easy to tear everything down with the sandbox account.

4.3 Generate reviewable & executable Infrastructure-as-Code artifacts

A prototype is not graduation-ready until the infrastructure is expressed as reviewable and executable IaC:

4.4 Mandatory architect review before graduation

Before any Lowkey-originated workload graduates to a production account, we recommend it pass a formal review by an architect (or equivalent senior technical reviewer) covering at minimum:

4.5 Graduate into a different account

Prototypes operated this way โ€” by a skilled operator, captured as IaC in a repository, reviewed by an architect, and redeployed into a proper production account โ€” can legitimately become production workloads. Prototypes operated any other way should be treated as throwaway.

5. Your Responsibility

You โ€” the AWS customer โ€” remain fully responsible for:

Amazon accepts no liability for losses, damages, charges, or incidents arising from your use of Lowkey.

6. With Great Power Comes Great Responsibility

Builder, Fullstack Agents with powerful access are a genuinely new class of tool. Used inside a tight sandbox, with budgets and guardrails, Lowkey can compress days of prototyping into minutes. Used carelessly, it can produce a very expensive, very public mistake in the same amount of time.

Please choose the first option.

This document is informational only and does not constitute a contract, warranty, endorsement, or support commitment by Amazon or AWS.