Moltbot, an AI agent that can connect to your apps and your computer system, is exploding in popularity. But it can pose some serious security risks if you’re not careful.
An open-source AI agent that “actually does things” is taking off, with people across the web sharing how they’re using the agent to do a whole bunch of things, like manage reminders, log health and fitness data, and even communicate with clients.
The tool, called Moltbot, runs locally on a variety of devices, and you can ask it to perform tasks on your behalf by chatting with it through WhatsApp, Telegram, Signal, Discord, and iMessage. Federico Viticci at MacStories highlighted how he installed Moltbot on his M4 Mac Mini and transformed it into a tool that delivers daily audio recaps based on his activity in his calendar, Notion, and Todoist apps. Another person prompted Moltbot to give itself an animated face, and said it added a sleep animation without prompting.
Moltbot routes your request through the AI provider of your choice, such as OpenAI, Anthropic, or Google. Like many of the AI agents we’ve seen so far, Moltbot can fill out forms inside your browser, send emails for you, and manage your calendar — but it does so a lot more efficiently, at least according to some of the people using the tool.
There are some caveats, though; you can also give Moltbot permission to access your entire computer system, allowing it to read and write files, run shell commands, and execute scripts. Combining admin-level access to your device and your app credentials could pose major security risks if you’re not careful.
“If your autonomous AI Agent has admin access to your computer and I can interact with it by DMing you on social media, well now I can attempt to hijack your computer in a simple direct message,” Rachel Tobac, the CEO of SocialProof Security, says in an email to The Verge. “When we grant admin access to autonomous AI agents, they can be hijacked through prompt injection, a well-documented and not yet solved vulnerability.” A prompt injection attack occurs when a bad actor manipulates AI using malicious prompts, which they can either pose to a chatbot directly or embed inside a file, email, or webpage fed to a large language model.
Jamieson O’Reilly, a security specialist and founder of the cybersecurity company Dvuln, discovered that private messages, account credentials, and API keys linked to Moltbot were left exposed on the web, potentially allowing hackers to steal this information or exploit it for other attacks. O’Reilly says he reported this issue to Moltbot’s developers, who have since issued a fix, according to The Register. One of Moltbot’s developers said on X that the AI agent is “powerful software with a lot of sharp edges,” warning that users should “read the security docs carefully before you run it anywhere near the public internet.” Moltbot has already been the subject of scams as well. Peter Steinberger, the tool’s creator, says that after he changed the name of Clawdbot to Moltbot due to trademark concerns from Anthropic — which operates a chatbot called Claude — scammers launched a phony crypto token named “Clawdbot.”
