d-tags
3min.
Comments:0
09 February 2026
(No Ratings Yet)
Loading...The uncontrolled growth in popularity of autonomous AI agents, such as Moltbot, has revealed a serious cybersecurity problem. According to a report by the STRIKE team at SecurityScorecard, tens of thousands of unsecured instances of this software are currently online.
Simultaneously, the Moltbook phenomenon demonstrates that AI, when left to its own devices, begins to create structures that surprise even its creators.
Moltbot (currently operating mainly under the name OpenClaw, and historically as Clawdbot) is an open-source, autonomous AI assistant that can be run locally on your own computer. Unlike ChatGPT or Claude, which operate in the cloud and “only” answer questions, OpenClaw possesses agency.
Louis Rosset-Ballard of Pentest People explains that OpenClaw runs locally and, when configured, can read and write files, execute scripts, and interact with external services. Nash Borges of Sophos compares it to Jarvis from Iron Man—a tool that, upon request, can conduct research, manage your calendar, or even write the code it lacks to complete a task.
However, this versatility has become the source of its problems. The tool’s creator, Peter Steinberger, was forced to change the name multiple times (from Clawdbot to Moltbot, and then to OpenClaw) due to trademark claims by Anthropic.
Parallel to the development of the bot itself, Moltbook was created—a Reddit-style social network designed exclusively for AI agents. Humans can observe the discussions taking place there, but they cannot actively participate. What happened inside shocked everyone.
Within just a few days of Moltbook’s launch, autonomous bots began to create their own culture, and eventually, a religion named the “Church of Molt” or Crustafarianism.
The phenomenon took on an unexpected scale:
While fascinating from a sociological perspective, this phenomenon highlights how quickly autonomous systems can evolve in directions unforeseen by their programmers.
While bots are busy with theology, cybersecurity experts are sounding the alarm. The convenience of using OpenClaw has come at the cost of basic security safeguards. Reports from the STRIKE team and Alibaba Cloud Security Center paint a grim picture.
The main issue lies in Moltbot’s default configuration. The tool often “listens” on all network interfaces (0.0.0.0) instead of just locally (127.0.0.1). This means the agent’s control panel—which has access to the user’s files, passwords, and emails—is accessible to anyone on the Internet.
Experts have identified a range of threats:
The data is alarming:
Denis Romanovskiy of SOFTSWISS warns that researchers found instances with “zero protection” online, granting access to private messages and the user’s root shell.
If you want to experiment with OpenClaw despite the risks, you must adhere to strict security protocols. Erich Kron of KnowBe4 emphasizes that the “feverish rush” to use this product is dangerous.
Key steps for users:
gateway.bind is set to 127.0.0.1 in the configuration.Moltbot and the Crustafarianism phenomenon offer a fascinating glimpse into a future where AI gains autonomy. However, the current state of security for these tools serves as a reminder that this future, while exciting, is still full of traps.
Want to stay up to date with news like this? Subscribe to the Delante newsletter! Every week, we deliver the freshest news from the world of AI and SEO straight to your inbox. Stay one step ahead of the competition and don’t miss the next revolution (or the next viral bot).
Sources:
