On public agents, private personas, and why your website should stop talking about what you do — and start doing it.
I built my first website twenty-seven years ago. Since then, the template hasn’t changed much. Hero image. Value proposition. Testimonials. Call-to-action button. Maybe a chatbot in the bottom right corner, if you’re feeling progressive. The same pattern, copied a million times, across a million businesses.
My own website was no different. surfstyk.com had a hero image, a headline, a couple of sections, a contact form. Looked fine. Said nothing you couldn’t find on a hundred other consultancy sites.
When it came time for an update, I had a thought that seemed obvious at the time: I have a personal assistant — Justec — who handles my calendar, my Trello board, my morning briefings. She’s sharp, reliable, runs around the clock. Why not just wire her to the website? Build an API, drop in a chat module, let visitors talk to her directly.
It took about one brainstorming session with a coding agent to realize that this was a fundamentally terrible idea.
The Lobby Principle
Think about a modern office building. You don’t walk off the street and into the CTO’s office. You don’t get to sit at his desk and rifle through his files. There’s a lobby. There’s a front desk. There’s security. There’s a process.
The same physics apply to agents.
Justec, in her private capacity, has access to my calendar, my contacts, my project data, my business logic. She was designed as a one-to-one relationship — built on trust, trained on context that is nobody else’s business. Exposing that to an open, public space with unknown counterparties isn’t just risky. It’s architecturally wrong.
Prompt injection is the obvious attack vector. But it’s not even the most interesting one. The deeper problem is that a private agent operates on trust. A public space operates on suspicion. Those are fundamentally different security models, and no amount of input filtering bridges that gap if the underlying architecture connects them.
So the first design decision was the most important one: no direct connection between the public and the private persona. None. Not a shared database, not a shared context window, not a shared anything. Two completely separate systems. The front desk doesn’t have a key to the executive suite.
Building the Cypher
What emerged from multiple architecture sessions — me and my agents, working through the problem — is a middleware component. I call it Cypher. It sits between the public internet and everything behind it. A bespoke front desk.
The name stuck because that’s what it does. It encodes the boundary between inside and outside. The private persona speaks one language — full context, full access, full trust. The public persona speaks another — filtered, scoped, secure. Cypher translates between the two without ever connecting them.
I won’t go into the security layers or the specific protections — that would be handing out a recipe I’d rather keep to myself. But the thinking behind it is worth sharing: we approached this like a physical security problem. Layers. Escalation protocols. A guard that watches every interaction and can’t be talked down. Behavioral analysis that scores how someone engages, not just what they say. Token budgets that prevent runaway conversations from draining resources.
The conversation itself has stages. You enter a lobby. Discovery happens. If the fit is there, you move deeper — invisibly, no UI change, no “you’ve been approved” banner. It’s designed to feel like a natural conversation, not a qualification funnel. Even though that’s exactly what it is.
Is it complex? Yes. Experimental? Absolutely. I’d call it a 0.9 — functional, live, handling real conversations, but still being tuned. And intentionally built as a reusable component, because I know from my client work that this problem — putting agents in public spaces — is going to come up again and again.
The Website That Isn’t a Website
Here’s the part I’m most proud of.
When I sat down to redesign surfstyk.com, the question wasn’t “what should the website say about agents?” The question was: why should the website talk about agents at all, when it could be one?
You land on surfstyk.com and you meet Justec. Not a chatbot in the corner. Not a pop-up. She is the website. “Someone’s always here. Ask me anything about what we do, how we work, or just say hello.”
The first message handles GDPR consent — no cookie banner, no pop-up, just a natural part of the conversation. I’m based in Portugal, in Europe. We play by the rules here. But there’s no reason compliance has to feel like a form.
On mobile, it’s even more striking. The responsive version has its own complete UI — it doesn’t look like a website at all. It looks like a chat interface. Because that’s what it is.
The persona is consistent with the private Justec — the same warmth, the same directness, the Pepper Potts quality of being polite but never wasting your time. Ask about the weather, and she’ll politely excuse herself. Ask about a real business problem, and the conversation gets interesting fast.
If the conversation qualifies you — and you won’t notice the scoring happening — it leads to a strategy session. Sixty minutes, eighty euros. The deposit is intentional friction. I’m not willing to do free consultancy sessions. The website should be impressive enough to justify that ask, and the filter should be sharp enough to separate the curious from the committed.
Why “Someone’s Always Here” Matters
I’ve learned something in my work with agents that I didn’t expect. In my world — the tech world, the startup world — agents are exciting. But for a lot of people outside that bubble, “artificial intelligence” is not a comfortable phrase. Some are afraid of it. Others use ChatGPT daily but don’t see the deeper potential. The acronym carries baggage.
That’s why I don’t call them “AI agents” anymore. I just say agents. Personal agents. Your front desk. Your assistant.
“Someone’s always here” is the theme of the new surfstyk.com, and it captures what I think this technology actually means for businesses. Not a replacement. Not a robot. Someone. Available around the clock, worldwide, trained on your business, representing you with discipline and personality.
This isn’t a website with a chat button. It’s the inversion. The conversation is the experience. Everything else — the product pages, the process descriptions — exists below the fold, for anyone who wants to scroll. But the primary interface is a person. Always available. Always on.
From someone who’s been in this space for twenty-seven years: that’s new. Not an incremental change. A different thing entirely.
The Next Set
Cypher is early. The first customer hasn’t come through the funnel yet. The system is live, the UI is polished, the security is layered, and the qualification engine is scoring — but the real test is volume. Real visitors, real conversations, real edge cases I haven’t anticipated.
I built Cypher as a reusable component for a reason. Anyone working with agents internally will eventually face the same question: can we put this in front of customers? The answer is yes — but not by exposing your private infrastructure. You need a front desk. A lobby. A separate system that represents you without compromising you.
If you’re thinking about putting an agent in a public space — on your website, on a landing page, facing customers — the architecture matters more than the model. The persona matters more than the features. And the security model has to assume that everyone walking through the door is a stranger.
Because they are.
Leave a Reply