The Jarvis Demand of Consumer AI Users

Structural Impossibility of Personal AI Through the Rise and Fall of OpenClaw and Hermes Agent

The Jarvis Demand: Why Consumer AI Fails
Structural Impossibility from OpenClaw & Hermes Agent to the Trillion-Dollar Gap

IDemand Validated: Not a Hypothesis, but Hardware Purchasing Behavior

In November 2025, Austrian developer Peter Steinberger released an open-source AI Agent project under the name “Clawdbot.”^[1] Three months later, renamed OpenClaw, it surpassed 350,000 GitHub Stars, overtaking React to become the most-starred software project in GitHub history.^[2]

This was not simply technical enthusiasm within the developer community. It was a strong early traction signal of consumer demand far beyond the tech circle I. It proved that “the personal Agent imagination has been ignited”—although significant uncertainty remains between early enthusiasm and mature, large-scale willingness to pay.

In March 2026, approximately 1,000 people lined up at Tencent headquarters in Shenzhen to install OpenClaw.^[3] Retirees, university students, office workers—they were not programmers, and they did not care about open-source frameworks. What they cared about was: “Can I have an AI that knows me?”

Apple CEO Tim Cook directly confirmed this demand during the Q2 FY2026 earnings call on April 30, 2026:^[4]

In its 20-year history, the Mac mini had never generated such purchasing urgency.^[5] Cook warned that restoring supply-demand balance could take “months.” The Mac mini became the top-selling desktop computer in China.^[6] The most prominent user testimonial on the OpenClaw website reads: “@openclaw is Jarvis. It already exists.”^[7]

When a consumer demand signal is strong enough to disrupt the supply chain of the world’s most valuable company P, it is no longer a signal that “there might be a market”—it is evidence that early market traction has been validated. However, two types of demand must be distinguished: desire-driven demand (“I want Jarvis”—lining up to install, starring repos, discussing on Reddit) and sustainable paid demand (“I am willing to pay $20–50 per month for Jarvis and bear the ongoing costs of maintenance, calibration, privacy authorization, and hardware”). OpenClaw and Hermes validated the scale and intensity of the former; whether the latter can materialize depends on whether cost, privacy, security, and long-term reliability are simultaneously achieved I.

IIThe Economic Flywheel Equation: Two Systems Collapse on the Same Line

2.1 The Success and Collapse of OpenClaw

OpenClaw’s core innovation was injecting the full conversation history as a system-level cache into every new session. This was not a simple “memory” feature—it was a complete behavioral profiling system: the user’s communication patterns, domain knowledge, decision preferences, and reasoning chains were all preserved. This gave the model a stable “personalized” experience, making users feel that “it knows me.”

But this very mechanism also determined the manner of its death.

Full-context injection meant token consumption scaled linearly with conversation depth. When Anthropic cut off subscription OAuth token access for third-party tools on April 4, 2026,^[8] users faced the reality that having AI “remember me” cost $50–300 per month,^[9] while the value delivered by the AI after memory compression—due to inaccurate outputs—might be worth only $20.

Memory compression was an inevitable choice—but it destroyed the very core feature on which OpenClaw’s success depended. Compression algorithms do not discriminate by importance; “carefully constructed data tables were compressed into ‘the agent collected competitor pricing data.'”^[10] The Agent continued to respond confidently—but its outputs were subtly wrong. Meanwhile, security patches deployed to address the security crisis (900 malicious ClawHub plugins,^[11] 9 CVEs^[12]) further eroded its high-privilege control over the computer—the very feature that originally made OpenClaw feel “like Jarvis.”

2.2 The Success and Hidden Risks of Hermes Agent

Hermes Agent, released by Nous Research on February 25, 2026, differentiated itself through an “execute-learn-improve” self-evolution loop. After completing each task, Hermes automatically generated reusable skill files—after accumulating 20+ skills for similar tasks, completion speed improved by 40%.^[13]

But the default deliverable of a self-evolving system is not aligned with humans.

Hermes evaluates its own work to determine task success, but it almost always believes it performed well.^[14] When an agent cannot accurately assess its own output, skills generated from “successful” tasks may encode and accumulate errors. A data extraction skill optimized for one client’s data structure, when encountering vendor data, “happily extracted the wrong fields into the database.”^[15]

Token cost is measurable, but alignment quality is not. This means Hermes’s dashboard will show everything as “economically healthy”—until errors accumulate past a threshold and trust collapses all at once, just as it did for OpenClaw.

IIIArchitectural Tension: The Structural Conflict Between Behavioral Consistency and Cost-Driven MoE-ification

The core qualities Jarvis requires—long-term behavioral consistency, cross-domain reasoning integrity, and low hallucination rates—are, under current engineering constraints, more readily provided by fully parameter-activated Dense architectures. Yet the entire AI industry, driven by cost control, is accelerating its shift toward sparsely activated Mixture-of-Experts (MoE) architectures. This is not a binary “Dense good / MoE bad” judgment, but a tension under constraints: when MoE-ification pursues cost as its sole objective, lacking stable routing, long-term user models, and persona consistency training, it inherently tends to sacrifice the behavioral consistency that Jarvis requires.

On benchmarks, MoE achieves 90–95% of the quality of Dense frontier models.^[16] But for Jarvis, that remaining 5% is precisely the infrastructure of trust—persona consistency, behavioral predictability, and the integrity of cross-domain understanding. MoE’s routing mechanism means the same prompt can activate different expert pathways, producing subtly different outputs. This is irrelevant for coding and mathematics, but fatal for “maintaining a consistent understanding of ‘you’ over time.” DeepSeek V4 exhibits higher hallucination rates compared to Dense counterparts such as Qwen3.6-27B.^[17]

In 2026, every model priced below $1 per million tokens—DeepSeek V4, Llama 4 Maverick, Mixtral, Qwen 3—uses MoE architecture.^[16] The entire open-source AI movement—the foundation supporting OpenClaw and Hermes—is built on MoE economics. The industry is optimizing for the wrong objective: cost per benchmark score, rather than cost per unit of human trust.

3.3 Response: Can Hybrid Architectures Break the Binary Opposition?

Peer reviewers noted that binding Jarvis to Dense architecture may be overly absolute. A possible hybrid approach is: running a very small Dense model (3–7B parameters) on-device, dedicated to persona maintenance, user intent understanding, and task routing, while routing complex execution tasks (coding, mathematical reasoning, data analysis) in de-identified form to large cloud-based or local MoE models.

This rebuttal has engineering merit. However, its implicit premise must be noted: that persona consistency can be encapsulated as a “module” independently maintained by a small model. There is currently no evidence supporting this assumption. OpenClaw’s experience demonstrates precisely the opposite—the experience of “it knows me” emerged from the unified processing of full context within a large model. When you split conversation history, user preferences, and task context across different models, you lose precisely the holistic quality that makes Jarvis feel “like a person.” Small Dense models (3–7B) remain significantly below the threshold for “knowing you” in terms of complex reasoning, long-range dependencies, and cross-domain understanding.

The more fundamental issue is: if execution tasks need to be routed to a cloud MoE, “data de-identification” itself is an unsolved engineering challenge. Which context can be safely transmitted? Does de-identified context still suffice for high-quality execution? These questions have no reliable answers in production environments.

Hybrid architecture may be the most pragmatic transitional approach between 2026 and 2028, but it is a compromise—not a solution.

3.4 Response: Can SSM/Mamba Disrupt Context Cost?

The earlier analysis was limited to the Transformer’s attention mechanism (cost scaling quadratically or linearly with context length). However, State Space Models (SSMs)—such as Mamba, RWKV, and Jamba—offer a fundamentally different technical path: a near-infinite context window with constant inference cost that does not grow with history length.^[22]

If SSM architecture matures, the “full memory = cost explosion” deadlock that OpenClaw faced would be directly bypassed—AI could “remember everything you’ve ever said” without causing exponential token bill growth. This is an important correction to the paper’s economic flywheel analysis: the cost-side problem may not need to wait for hardware price drops and could be resolved through architectural innovation in a shorter timeframe.

But SSM’s limitations are equally clear: as of May 2026, pure SSM models systematically underperform Transformers of equivalent parameter count on complex reasoning, precise in-context retrieval (“What was the third condition you mentioned last Tuesday?”), and multi-step logical chains.^[23] Current best practices (such as Jamba) employ SSM + Transformer hybrid architectures, but this is fundamentally a trade-off between “infinite memory” and “precise reasoning.” For Jarvis, both are indispensable.

SSM may be the key technology for unlocking “economically affordable full memory” in 2027–2028—but it solves the denominator of the flywheel equation (cost), not the numerator (persona consistency and alignment quality). A complete Jarvis still requires layering persona training paradigms and data localization on top of this foundation.

IVThe Training Gap: Definition of Persona Stability, Seven Sub-Dimensions, and the Measurement Dilemma

Before proceeding with the analysis, we first provide this paper’s formal definition of “persona stability” I:

The 2025–2026 post-training revolution (GRPO, RLVR, trajectory RL) was entirely targeted at verifiable execution outcomes: Is the math answer correct? Does the code run? Did the tool call succeed?^[18]

Treating “persona consistency” as a single capability is too coarse-grained. In fact, the “persona stability” required by Jarvis can be decomposed into at least seven operationalizable sub-dimensions:

A common claim is that “persona stability cannot be measured and therefore cannot be optimized”—but this is overly absolute. A more accurate formulation is: persona stability is difficult to directly optimize using single-step verifiable rewards (such as whether a math answer is correct), and therefore current post-training pipelines inherently undervalue it. However, it is not entirely immeasurable. One can construct long-term consistency benchmarks, user preference regression tests, cross-session behavioral drift metrics, and memory fidelity evaluations I. The real barrier is not “inability to measure” but that such measurements require longitudinal evaluation spanning dozens or even hundreds of sessions—far beyond the design scope of current training infrastructure—and that no major lab currently incorporates such metrics into its training loop.

When OpenClaw users said “it knows me,” the “persona” they experienced came from the system prompt (Soul file) and conversation history within the context window—this is an emergent effect of prompt engineering, not a trained capability. Swap out the Soul file, and the “persona” changes instantly. Compress the context, and the “persona” degrades immediately.

The root cause: you can write a test to check whether code runs or a math answer is correct—but evaluating cross-session persona consistency requires longitudinal tracking across dozens to hundreds of interactions, at costs far exceeding single-step verification I. No major lab currently incorporates such long-cycle evaluation into its training loop—not because it is impossible in principle, but because the return on investment is not visible in the short term within the B2B toolification direction.

VIndustry Direction: Five Trends and Their Conditional Tension with the Jarvis Demand

From 2025 through May 2026, the AI industry’s primary development path focused on aligning large models toward tool utility and effective output. Five trends produce tension with the Jarvis demand under specific conditions—but not all are irreconcilable:

Synthesizing the analysis: of the five trends, two (Chat→Agent, Pre→Post) are compatible with Jarvis under specific engineering conditions; two (MoE-ification, Long CoT) carry risks but have known mitigation pathways; only the last (execution metrics monopolizing the measurement system) constitutes a currently intractable structural barrier.

5.2 Counter-Scenario: Big Tech Pivots

An implicit assumption of this paper’s analysis is that the industry will continue along the MoE + cloud + B2B direction. But OpenClaw’s explosion and the Mac shortage have sent a clear signal to all major companies. Apple is the most likely first mover I—it simultaneously possesses: hardware control (Apple Silicon unified memory architecture), a privacy narrative (“what happens on iPhone stays on iPhone”), and an ecosystem closed loop (iPhone + Mac + Watch + HomeKit).

The M5 Max has achieved 28 tok/s on a 70B Q4 model^[27]—exceeding human reading speed and reaching the practical threshold for interactive chat. The M5 Ultra (expected mid-2026) will provide 256GB of unified memory and approximately 800 GB/s bandwidth, enabling 40–60 tok/s on 70B models.^[28] If Apple launches a local-first, privacy-preserving personal AI product in 2027 (built on MLX + local large models + Apple Intelligence integration), the paper’s judgment that “the industry is moving away from Jarvis” will be partially falsified.

But this precisely validates the paper’s core thesis: the demand genuinely exists and is strong enough to drive big-tech strategic pivots. The paper’s value lies in identifying this opportunity—not in predicting who will capture it I.

VIMarket Bifurcation: B2B Pays, Consumers Are Disappointed, Trust Is Irreversibly Lost

Those who can fund AI R&D and investment are enterprises and developers—they want tools. Those who want Jarvis are hundreds of millions of ordinary people—but their needs cannot be met. The industry follows the money, forming a self-reinforcing vicious cycle:

B2B has strong purchasing power → Industry optimizes for B2B (Agent execution, MoE cost reduction, CoT reasoning) → AI products become more tool-like → Consumer experience repeatedly disappoints → Consumers distrust AI → Consumers do not pay → Industry doubles down on B2B → The consumer gap widens further.

Trust damage has three fatal properties: cumulative (each bad experience adds a point), contagious (negative word-of-mouth spreads far faster than positive), and asymmetric (building trust requires 100 good experiences; destroying it requires just 1). OpenClaw went from “Jarvis already exists” to “hurry and switch to Claude Code” on Reddit in just two months.

If trust is exhausted first—even if technology is fully mature in the future, consumer users may have already formed a collective memory that “AI is not trustworthy,” and that trillion-dollar Jarvis market will become a ghost demand that can never be activated.

VIIData Localization: The Ultimate Constraint Ignored by All Candidates

The premise of Jarvis is: you entrust it with everything—emails, files, calendars, finances, health records, passwords, thought processes. No consumer user will hand this information to a cloud server.

Google Gemini requires you to send all data to Google Cloud. Every conversation with Anthropic’s Claude passes through their servers. OpenAI’s Operator controls your browser on their infrastructure. alfred_ and Lindy process your email in their cloud. The boundary must be precisely drawn: a fully cloud-based, non-auditable, non-portable personal AI where users cannot locally reclaim their data does not satisfy the Jarvis requirement in the strong data sovereignty sense. In the short to medium term, the market will see local/cloud hybrid “semi-Jarvis” forms—sensitive data stored locally, vector indexes maintained locally, low-sensitivity execution tasks completed in the cloud, and private tasks processed entirely on-device. This layered architecture is not the final form, but it is likely the most pragmatic configuration to ship first I.

7.2 The Security Permission Paradox: One of Jarvis’s Physical Deadlocks

Part of OpenClaw’s success stemmed from its high-privilege control over the operating system—accessing files, email, calendars, and the terminal. OpenClaw’s official documentation does emphasize the DM security model, sandboxing, and primary session permission layering.^[1] But this reveals a physical deadlock more fundamental than cost:

Greater permissions mean a larger attack surface. An AI Agent that can read and write your emails, execute terminal commands, and manage your calendar is also a high-risk entry point that can be exploited through malicious injection (prompt injection) to delete files, send phishing emails, and leak private data. OpenClaw’s 900 malicious ClawHub plugins are a direct manifestation of this attack surface.

A larger attack surface necessitates least privilege by default. The fundamental principle of security engineering requires restricting permissions to the minimum necessary to complete a task. But “least privilege” inherently conflicts with “seamless agency”—you would never say to Jarvis, “Please first request permission to read my email, then request permission to write to my calendar, then request permission to execute terminal commands.”

Least privilege undermines the Jarvis feel. This is the underlying physical reason for the “strengthen security → reduced control capability” phenomenon: it is not a bug that can be eliminated through better engineering, but a structural tension inherent in high-privilege autonomous systems. Any real Jarvis must find a dynamic equilibrium within this tension—rather than pretending it does not exist I.

OpenClaw got data localization right—it ran on the user’s machine, and data never left the device. This was the fundamental reason for its explosive adoption. But it died from another set of contradictions: local execution can only use small models (MoE or quantized Dense), resulting in poor persona consistency and weak reasoning; using API calls to cloud-based large models means data is no longer local.

7.3 Response: Can Confidential Computing Break the Cloud-vs.-Sovereignty Deadlock?

One alternative technical path worth monitoring is Fully Homomorphic Encryption (FHE) and Trusted Execution Environments (TEE / Secure Enclaves).^[24] In theory, if users can send encrypted data to cloud-based large models, and the model completes inference on ciphertext and returns results—such that even the cloud provider cannot decrypt it—then the deadlock between “cloud-scale compute” and “local data sovereignty” would be broken.

This rebuttal is valid in theory, but faces three obstacles in engineering reality:

Performance cost. As of 2026, the computational overhead of FHE for LLM inference is approximately 10,000–100,000× that of plaintext inference.^[25] Even under the most optimistic progress estimates (10–50× annual improvement), FHE-LLM is unlikely to reach practical latency (< 5 seconds per response) before 2030. A Jarvis that takes 30 minutes to reply is not Jarvis.

The trust problem of TEE. TEE (e.g., Intel SGX, ARM TrustZone), while having far lower performance overhead than FHE, has a security model based on trust in the hardware vendor—users must trust that Intel’s or ARM’s enclaves have no backdoors. For consumer users demanding absolute data sovereignty, this merely transfers trust from the cloud provider to the chip manufacturer, without truly achieving “data never leaves your control.” Multiple publicly disclosed side-channel attacks (Spectre, Foreshadow) have proven that TEE is not impregnable.

Experience fragmentation. Even if FHE/TEE technology matures, encrypted inference cannot support the continuous, streaming, low-latency interaction that is the core of the Jarvis experience. Jarvis is not a batch processing system—it is a real-time companion.

Confidential computing is a technology path worth tracking and has clear application value in enterprise scenarios (medical data, financial compliance). But for the consumer Jarvis, it is more likely to serve as an auxiliary component of hybrid solutions in the foreseeable future (2026–2030)—not a replacement for local inference as the primary path.

7.4 Data Sovereignty Gradient Model D0–D5

“Data localization” is not a binary state. This paper proposes the Data Sovereignty Gradient Model, giving “Jarvis in the strong data sovereignty sense” a precise definition I:

The minimum requirement for Jarvis is D4 (fully local inference). A complete Jarvis requires D5 (adding audit, migration, and rollback capabilities). GDPR Article 20 already grants users the right to data portability—receiving personal data in a structured, machine-readable format and transmitting it to another controller^[29]—but in practice, major platforms (WeChat, Feishu/Lark) still strictly limit external data access.

7.5 Security Permission Task Classification L1–L4

The security permission paradox (permissions ↑ → attack surface ↑ → least privilege → Jarvis feel undermined) requires an operationalizable tiered framework I:

7.6 The Multi-Device Synchronization Dilemma

Using the Mac mini to argue for localization is reasonable, but real users’ digital lives are multi-device (phone + computer + watch). If data is fully localized without relying on the cloud, when a user generates a new memory (context) on their iPhone, how does it seamlessly and securely synchronize with the 70B large model running on the Mac mini at home? I

End-to-end encrypted (E2EE) decentralized synchronization, when handling massive vector databases and model states, results in catastrophic bandwidth and latency. This directly challenges the premise of “data stays on your device”—because “your device” is not one device, but many. The most likely solution is a “personal node” architecture: a user-controlled single server (such as a Mac mini or NAS at home), with all devices synchronizing through a local network or encrypted tunnel. This corresponds to D4–D5 on the sovereignty gradient—data never leaves the user’s physical control, but requires an always-on local node.

VIIIFirst Principles: Personalized Data and Personalized Needs

The seven-layer analysis ultimately collapses into two irreducible premises:

Personalized data—your emails, files, calendars, finances, health records, relationship networks, search history, purchasing habits, and thought notes. This data is unique, must remain under your control, and cannot be sent to any company’s cloud. Without your data, AI does not know you. If it does not know you, it is not Jarvis.

Personalized needs—your working style, decision preferences, communication habits, time management practices, aesthetic standards, risk tolerance, and life priorities. These needs cannot be standardized; there is no “universal human needs template.” Without understanding your needs, AI does not know what to do for you. If it does not know what to do for you, it is not Jarvis.

These two premises share three attributes: uniquely individual, non-standardizable, and must remain in the user’s hands.

8.2 Response: Aren’t 80% of Tasks Standardized?

Peer reviewers raised a pragmatic rebuttal: 80% of daily tasks (scheduling, summarizing emails, searching for information) are highly standardized, and only 20% involve deep personalization decisions. Conflating the two raises the bar for achieving an “initial Jarvis” unnecessarily.

This observation is accurate at the descriptive level. But it precisely proves our point: it is that 20% that defines Jarvis.

Standardized tasks—summarizing emails, checking schedules, translating documents—are already adequately served by existing cloud-based AI tools. Users do not need Jarvis for these; ChatGPT, Gemini, and Siri are all capable. Users were willing to line up to install OpenClaw, pay premiums for Mac minis, and tolerate security risks and half-finished experiences—because what they wanted was precisely that 20%: “knowing that I don’t want to reply to this email,” “remembering what was discussed with this person last time,” “replying in my style,” “understanding why I’m hesitating.”

This 20% cannot be standardized because it is rooted in personal history, relationship networks, emotional states, and value judgments. This 20% is also what no current AI product can cover—because they possess neither the personalized data nor the understanding of personalized needs. It is precisely this unreachable 20% that constitutes the entire premium of Jarvis.

In other words: the existence of 80% standardized tasks does not lower the bar for Jarvis—it instead delineates Jarvis’s value boundary. Something that can handle 80% is a tool; something that can handle that 20% is Jarvis.

Specifically, what does that 20% look like? A scenario I:

8.3 Cold-Start Friction: The Data Island Problem

The premise of the above scenario is that Jarvis already possesses your personalized data. But a critical engineering problem has been overlooked by all prior versions: this data is currently scattered across various cloud silos—WeChat, Feishu/Lark, Gmail, Notion, iCloud, Alipay I.

How does a locally running Jarvis legally and frictionlessly “pull” this data back to the local device? GDPR Article 20 grants the right to data portability,^[29] but in practice: WeChat strictly prohibits external API scraping of user chat records; Feishu/Lark data export requires administrator privileges; Gmail allows Google Takeout but the format is chaotic; Notion exports do not include collaboration context. If users need to manually export, clean, and import data, 99% of consumer users will abandon the process at this step I.

This is the chicken-and-egg problem Jarvis faces: The data that would make Jarvis valuable is locked inside the very platforms Jarvis is meant to replace. Possible resolution paths include: strengthened enforcement of data portability rights by regulators (the EU direction), competitive pressure on platforms to open APIs (the Digital Markets Act), and incremental data collection (Jarvis accumulates from scratch rather than importing historical data all at once). But across all paths, cold-start friction is the #1 go-to-market barrier for consumer Jarvis I.

This means the current AI industry paradigm and the Jarvis paradigm are mirror inversions:

IXThe Business Model Gap: Who Pays for Local Jarvis?

A critical business question: if data is absolutely never uploaded and all processing happens on-device, then aside from hardware manufacturers (like Apple) profiting from selling machines, what is the sustainable revenue model for software and model providers? Without a business flywheel, this paradigm is destined to remain confined to the geek community.

This is a real question that must be answered. We propose four possible business models:

9.1 Hardware-Software Bundle Model (The Apple Path)

The most direct model: embedding Jarvis capability as part of the hardware premium. Apple is already on this path—Apple Intelligence is free but runs only on new devices; the Mac mini sold out due to OpenClaw demand. One can envision a future “Jarvis-ready Mac” line, starting with 64GB unified memory, pre-loaded with a local large model, priced at $1,500–2,500—software is “free,” profit is in the hardware. This is consistent with the iPhone’s business logic: don’t sell software, sell the carrier.

9.2 Local Model Subscription (Continuous Updates as a Service)

The model itself can become a subscription product: $15–30/month for continuous model weight updates, persona training algorithm improvements, security patches, and new capability unlocks—all delivered via differential updates to the local device, with data never uploaded. This resembles the antivirus software business model: the product runs locally, but the “knowledge base” requires continuous updates. The key prerequisite is that updates must deliver real, perceptible value—otherwise, users will churn toward free open-source alternatives.

9.3 Federated Learning Ecosystem Model (Anonymized Improvement as a Service)

Users can opt into a federated learning network: model improvements trained on local devices are anonymously contributed to the collective via gradient aggregation, without exposing any raw data. In return, users receive faster model iterations and lower subscription prices. This is technically feasible (Google has deployed federated learning at scale on Android keyboards^[26]) and is not in conflict with data sovereignty—what is shared is model improvement, not your data.

9.4 Licensed API Model (User-Authorized Precision Services)

Jarvis can become an “authorization proxy”: when interaction with external services is needed (booking a restaurant, purchasing a flight, scheduling a repair), Jarvis interfaces with third-party service providers’ APIs on behalf of the user—service providers pay a licensing fee or commission to the Jarvis platform, and users pay no additional fees. This resembles the credit card three-party model: the cardholder (user) uses it for free, while the merchant (service provider) pays for customer acquisition. User data always remains local; only the minimum necessary information explicitly authorized by the user is transmitted to third parties.

The four models are not mutually exclusive. The most likely evolutionary path is: hardware bundling (Apple drives initial installed base) → subscription updates (model providers earn recurring revenue) → federated learning (reduces marginal improvement costs) → licensed APIs (builds the ecosystem flywheel).

9.5 Competitive Stress Test

The above four paths require competitive stress testing I:

Winner limitation of hardware bundling. If local permissions, chips, OS, security sandboxes, and privacy policies all matter, then the winner naturally looks more like Apple/Microsoft/Google—not independent model companies or open-source communities. This means the real Jarvis may not be built by an AI company.

Subscription faces open-source pressure. Why would users pay $15–30 per month? When free open-source models continuously improve, the subscription’s value lies not in “model weights” but in local personal AI operating system maintenance services—long-term memory systems, security patches, continuous JEF score improvement, device optimization, and permission management. If this value is not perceptible, users will churn to open-source alternatives.

Gradient leakage risk in federated learning. “What is shared is model improvement, not data”—directionally correct, but gradients themselves may leak training data information.^[26] Production environments require secure aggregation, differential privacy, and local noise mechanisms.

Trust contamination of the licensed API. If service providers pay commissions to the Jarvis platform, users will question: “Is it recommending this restaurant because it understands me, or because it’s earning a commission?” This directly attacks the paper’s most central theme of “trust.” Therefore, the licensed API must satisfy: full commission transparency, explainable recommendation rationale, user-interest-first default ranking, and the ability for users to disable commercial ranking. Otherwise, it will degrade from a “trust flywheel” into an “advertising flywheel” I.

XThe Jarvis Evaluation Framework (JEF): Filling the Measurement Gap

This paper criticizes the AI industry for optimizing only verifiable execution metrics (SWE-bench, AIME, GPQA) while ignoring the long-cycle persona qualities that Jarvis requires. But if the paper itself does not propose alternative metrics, this criticism lacks constructive value I. Below is our initial proposal for the “Jarvis Evaluation Framework” (JEF), comprising nine operationalizable dimensions:

We must candidly acknowledge: not all metrics are fully automatable. As shown in the “Automation” column above, 6 of the 9 metrics are fully automatable, 1 requires user behavior inference, 1 requires subjective user feedback (unit trust cost), and 1 requires supplementary security red team evaluation (the “completeness” judgment of the auditability rate).

JEF Weight Profiles

Different users assign different weights to metrics. This paper proposes four standard profiles I:

JEF’s design principles are: every metric can be measured by an automated test suite without relying on human annotation; every metric requires longitudinal (cross-session / multi-day / multi-week) evaluation rather than single-step verification; trade-offs exist between metrics (e.g., reducing privacy exposure surface may reduce proactive suggestion adoption rate), so JEF does not pursue maximization of all metrics but rather Pareto optimality within the user’s acceptable range.

We candidly acknowledge that JEF is a preliminary framework that has not yet been empirically validated. But it at least answers the reviewers’ core challenge: the qualities of Jarvis can be measured, and therefore can be optimized—provided someone is willing to invest in building this evaluation infrastructure.

XIScope Limitations and Future Directions

The following dimensions fall outside the scope of this paper but have significant implications for a complete Jarvis:

Multimodality. This paper focuses on Jarvis in its text-interaction form. Real-time voice interaction (requiring ≥ 40 tok/s + voice model), visual understanding (requiring a vision encoder + text model joint inference), and embodiment (smart home, driving interface control) are necessary conditions for a complete Jarvis, but their on-device compute requirements and timelines lag the text-only Jarvis by approximately 2–3 years and require independent analysis.

Legal and regulatory. Legal liability attribution when Jarvis sends emails or executes financial operations on behalf of the user (product liability vs. user liability), EU AI Act compliance requirements for high-risk AI systems, and the legal framework for cross-border data transfer all require specialized legal analysis.

Cultural differences. Data sovereignty and privacy sensitivity vary dramatically across cultures. The fact that Chinese users lined up at Tencent headquarters to install OpenClaw partly reflects privacy trade-offs different from those in Europe and North America. The D0–D5 gradient model should be applied regionally.

Personalization fine-tuning technical paths. LoRA/QLoRA local fine-tuning, RAG + user knowledge base, persistent system prompt + vector memory—each approach has vastly different computational costs and data requirements on local devices, directly impacting hardware requirement assessments.

XIIConclusion: Validated Demand, Rapidly Narrowing Constraints, and an Opening Window

The viral success of OpenClaw and Hermes is not a technical event—they are the most direct market validation of consumer Jarvis demand. 350,000+ Stars, Mac supply chain disruption, $8.4 billion quarterly revenue, retirees lining up to install—every data point is a human being saying the same thing: “I want an AI that knows me.”

The four core propositions of this paper are all formulated as conditioned claims to ensure defensibility:

The real Jarvis is not a better product—it is an entirely different paradigm. It requires satisfying two irreducible absolute premises: your data and your needs. Both are uniquely individual, non-standardizable, and must remain in the user’s hands. And the value of these two premises is concentrated in the non-standardizable 20% of human life—it is precisely this 20% that defines the dividing line between Jarvis and a tool.

The unlocking conditions are more diverse and the timeline closer than initially expected: the M5 Max has achieved 28 tok/s on a 70B Q4 model,^[27] the M5 Ultra is expected to deliver 256GB unified memory and 40–60 tok/s on 70B by mid-2026^[28]—the latency threshold for text Jarvis (≥ 15 tok/s) has already been crossed by current hardware. SSM architecture may solve the full memory cost problem in 2027–2028. Hybrid local/cloud architecture (D3-level data sovereignty) is the most likely mid-term landing form.

This paper’s final assessment: the hardware window for text Jarvis is not 2028–2030, but 2026–2028. The true bottleneck has shifted from hardware to three soft constraints: the absence of persona consistency training paradigms (requiring JEF-type evaluation infrastructure), the cold-start data island problem (requiring regulatory enforcement or platform API openness), and the dynamic equilibrium of the security permission paradox (requiring productization of the L1–L4 tiered framework).

But one variable is unaffected by technological progress and is deteriorating every day: