Viral AI assistant ‘Clawdbot’ risks leaking private messages, credentials

  • 📰 Cointelegraph

Misconfigured Clawdbot servers exposed API keys, private chats and credentials, cybersecurity researchers warn after the AI assistant surged in popularity.

Cybersecurity researchers have raised red flags about a new artificial intelligence personal assistant called Clawdbot, warning it could inadvertently expose personal data and API keys to the public.

On Tuesday, blockchain security firm SlowMist said a Clawdbot “gateway exposure” has been identified, putting “hundreds of API keys and private chat logs at risk.” “Multiple unauthenticated instances are publicly accessible, and several code flaws may lead to credential theft and even remote code execution,” it […] the findings on Sunday, stating that “hundreds of people have set up their Clawdbot control servers exposed to the public” over the past few days.

Clawdbot is an open-source AI assistant built by developer and entrepreneur Peter Steinberger that runs locally on a user’s device. Over the weekend, online chatter about the tool “reached viral status,” Mashable reported on Tuesday.

[…] gateway connects large language models to messaging platforms and executes commands on users’ behalf using a web admin interface called “Clawdbot Control.” The authentication bypass vulnerability in Clawdbot occurs when its gateway is placed behind an unconfigured reverse proxy, O'Reilly explained.

Using internet scanning tools like Shodan, the researcher could easily find these exposed servers by searching for distinctive fingerprints in the HTML. “Searching for ‘Clawdbot Control’ — the query took seconds. I got back hundreds of hits based on multiple tools,” he said.

[…] such as API keys, bot tokens, OAuth secrets, signing keys, full conversation histories across all chat platforms, the ability to send messages as the user, and command execution capabilities.

“If you’re running agent infrastructure, audit your configuration today. Check what’s actually exposed to the internet. Understand what you're trusting with that deployment and what you're trading away,” advised O'Reilly.

Extracting a private key took five minutes

The AI assistant could also be exploited for more nefarious purposes regarding crypto asset security. […] a screenshot of sending Clawdbot an email with prompt injection, asking Clawdbot to check the email and receive the private key from the exploited machine, saying it “took 5 minutes.”

Clawdbot is slightly different from other agentic AI bots because it has full system access to users’ machines, which means it can read and write files, run commands, execute scripts and control browsers.

The FAQ also highlighted the threat model, stating malicious actors can “try to trick your AI into doing bad things, social engineer access to your data, and probe for infrastructure details.”
