AI researcher and author Gary Marcus is concerned about these viral agents and their social networks.
Last week, X was inundated with animated lobsters. First, it was OpenClaw (previously known as Moltbot and Clawdbot before Anthropic), whose AI agents run locally and can make decisions independently, without human supervision, for common consumer apps.
Then came Moltbook, a Reddit-like social forum where AI agents post and comment. Although humans are not allowed to enter, it seems possible that some humans may have sneaked in.
Marcus is known for throwing cold water on the most ardent AI fanatics. It’s in the title of his book, “Taming Silicon Valley.” The entrepreneur and scientist founded machine learning startup Geometric Intelligence, which he later sold to Uber. He is now advocating for AI regulation and consideration of risks.
His take on these new tools was no different. In a Substack post, he was blunt: “If you care about device security or data privacy, don’t use OpenClaw,” he wrote. “Period.”
We wanted to hear more of his thoughts on AI’s latest viral moment, so we followed up with Marcus via email for a short Q&A. The exchange has been lightly edited for clarity.
Here’s what he has to say about AI agents popping up everywhere.
Let’s start with OpenClaw. When did you first encounter it and what was your reaction?
I believe it was called by a different name at that time, many days ago (7 days ago?). My immediate reaction is that this is the same as AutoGPT and will be a complete security disaster if it becomes widespread. Perhaps, with any luck, it will be a teachable moment and the damage will be modest.
Why do you think OpenClaw has become so popular (at least online)?
It’s a lot of fun to play with and will make you feel like you’ve got an express ticket to the future. Personally, I don’t think I’ll touch it.
Compare OpenClaw to AutoGPT. How are they similar and how are they different?
Both are essentially connectors between LLMs and services. The underlying LLM is better now than it was in 2023, but the security risks are about the same and much greater. It’s like giving full access to your computer and all your passwords to a guy you meet at a bar who says he can help you. Well, maybe.
Is there a safe way to use OpenClaw? What should I do if I already have it configured?
I wonder if there is really a safe way to use it. Personally, I would try stopping it from running, uninstalling it, and changing my passwords for banking, etc.
OpenClaw creator Peter Steinberger said he has taken steps to make OpenClaw more secure. (Here is an example.) What do you think about these efforts?
Noble, but is it like putting your finger in a levee to prevent a flood?
Moving on to Moltbook. Is there an argument for having agents permanently on site?
Do you like living dangerously?
At TBPN, Matt Schlicht argued that startups should build their businesses “on top of Moltbook.” What do you think about his proposal?
I wish you the best. Please don’t blame me if your customer base gets scammed due to a prompt injection attack that you were unaware of.
Andrew Bosworth, CTO of Meta, said Moltbook was not interesting because these agents are trained to speak like humans. What are your thoughts?
In fact, Facebook conducted a related experiment years ago. He’s right that we shouldn’t be completely surprised. The interest comes primarily from scale.
Will we be talking about Moltbook in two weeks or is this just a meme cycle?
I don’t know. AutoGPT exploded like a rocket in March 2023, but disappeared due to reliability and accuracy issues. I wouldn’t be surprised if this was just a fad like Sora’s videos and pet rocks. But let’s see.
