CLI-Anything Hit 31k Stars Because AI Agents Need CLIs, Not GUIs

Matt Webb has a blunt message for anyone building personal AI agents: stop making them click through GUIs like digital rodents in a maze. Agents should talk directly to services through CLIs and APIs built for machines. In a blog post on Interconnected, Webb points to a growing ecosystem of tools like gws (Google Workspace), Obsidian CLI, Salesforce CLI, and CLI-Anything, a GitHub repo with 31k stars that auto-generates command-line interfaces for any codebase. CLIs are composable. An agent can work across your notes and spreadsheets in one session. GUIs lock you into what Webb calls "user journeys," those predetermined paths product managers love but actual humans ignore.

The security angle is where things get genuinely unsettling. Webb cites reports of Anthropic's Claude Mythos model being so effective at finding security flaws that the company withheld it from release and governments started calling emergency meetings with major banks. Consider that. AI agents working through GUIs will surface every vulnerability hiding in every interface. Webb points to a real example: Companies House, the UK's corporate registry, had a bug where clicking the browser's back button after a failed login attempt dumped you into someone else's account. That bug sat undiscovered from October 2025. Now imagine thousands of AI agents poking at services like this every night. CLIs, being smaller and simpler, present fewer attack surfaces.

What happens to frontend design? Webb thinks it becomes mostly about brand, not usability. Users will encounter your app once or twice, get a feel for what you offer, then hand everything off to their AI agent. The "user journey" optimization that's consumed countless product hours won't matter much. But the vibe still matters. Yelp and Google Maps both find restaurants, but they feel different, and that feeling determines which one your agent reaches for first.

Webb's advice to banks: ship a hardened CLI tool yesterday. The open questions around permissions and edge cases won't solve themselves. Hacker News commenters suggest 7 to 10 years before competing protocols like MCP converge into something standard. Sounds about right. Banks should start building now, before someone else's agent finds their vulnerabilities first.