Moltbot reveals the risks of giving agency to AI agents

Recently, in our monthly AI Expert webinar, we shared why downloading random AI tools, even from credible sites like GitHub, can expose users and their organizations to serious risks.

So, it wasn’t entirely surprising to see recent headlines about the security flaws of Moltbot, also known as OpenClaw (and formerly as Clawdbot), an open-source AI agent that runs locally on a user’s device and connects LLMs (large language models) with real-world capabilities like messaging and automation tools.

Fun fact: The creator of Clawdbot claims that Anthropic, owner of multiple ‘Claude-related’ trademarks, forced him to change the name of his viral agent to Moltbot.

Moltbook is a popular social network for AI bots or agents, powered by human prompts. As Ars reports, this is not the first bot social network, but the associated risks are much more serious this time.

In 2024, Ars covered an app called SocialAI that let users interact solely with AI chatbots instead of other humans. But the security implications of Moltbook are deeper because people have linked their OpenClaw agents to real communication channels, private data, and in some cases, given them the ability to execute commands on their computers.

Bitdefender has outlined the risks of giving agency to AI agents, and they go far beyond passive data exposure.

Clawdbot agents can actively send messages, run tools and execute commands across services such as Telegram, Slack and Discord. With access to the control layer, a threat actor could effortlessly impersonate the operator, inject rogue messages into ongoing conversations and even stealthily siphon data through trusted integrations.

This is just the tip of the iceberg, as experts warn that Moltbot may signal the next AI security crisis.

Moltbot’s rise in popularity is being accompanied by important security questions around the architecture of autonomous systems. The future of AI assistants is not just about smarter agents; it’s about secure agents that can be governed and are built with an understanding of when not to act.

Consider this another reminder that just because you can, doesn’t mean you should.
