It seems like only yesterday that ChatGPT was taking the world by storm. Its ability to reason and give human-like responses has led everyone to believe that artificial intelligence will revolutionize our digital lives.
ChatGPT is based on large-scale language model technology. It is a learned program that can participate in conversations, reason automatically, and code computer programs. There are currently many alternatives to ChatGPT, including Anthropic’s Claude, Google’s Gemini, and Meta’s Llama, and the range of tasks they can perform continues to expand.
AI developers are currently building technology that unlocks the potential of LLMs beyond simple question answering. One such technology is AI agents. An AI agent is a program that can autonomously perform tasks on your behalf, with minimal user interaction and without requiring explicit prompts for any action, from organizing your email and surfing the web to handling customer support.
AI agents are designed to perform administrative tasks on your behalf
Major players in the AI industry have already started developing their own AI agents, such as OpenAI’s ChatGPT agent and Google’s Gemini agent. But one AI agent that has mysteriously gone viral in recent weeks and is the talk of the tech community is OpenClaw, developed by Peter Steinberger. The project was originally launched as Clawdbot, but following copyright claims by Anthropic AI, it was renamed to Moltbot and eventually OpenClaw, while retaining its lobster-themed identity.
Why the sudden interest in OpenClaw?
Tech-savvy users can already integrate LLM into their own programs to automate many of the tasks that OpenClaw and other AI agents are intended to provide. However, this is limited to some enthusiasts. Most users don’t have the time, patience, or technical expertise to do so. OpenClaw has significantly lowered this barrier.
With a relatively simple setup, users can install OpenClaw on their computers, select an external LLM (such as ChatGPT) from a simple dashboard, and communicate via familiar messaging platforms such as WhatsApp or Slack. Several additional features contributed to its popularity. It runs locally on the user’s machine rather than on external infrastructure, supports persistent memory that retains context and adapts over time, and is open source.
Most importantly, it’s easy to use. By issuing instructions through a messaging app, the agent can run autonomously on your computer without the need for repeated reboots or manual intervention.
These features attracted users. Enthusiasm for OpenClaw quickly grew, and entrepreneur Matt Schlicht created an Internet forum called Moltbook. This forum is similar to Reddit, but is dedicated to AI agents and allows agents to post, interact, and chat with each other about a wide range of topics. People have been using OpenClaw for a variety of tasks. Some users have deployed OpenClaw to trade on their behalf.
OpenClaw’s popularity skyrocketed, reaching over 170,000 stars on GitHub in a surprisingly short period of time. GitHub Stars serves as the de facto rating system for open source projects, ranking OpenClaw at number 27 among GitHub’s top 100 repositories.
Everything looks nice and nice, until you realize it’s a security nightmare.
One reason for the long development cycles for AI agents is the potential for misuse. We are still exploring ways to prevent sensitive information from being accidentally exposed to third-party hosted LLMs. However, unlike standard conversational LLM, AI agents have access to much more than what is explicitly sent as a prompt. We may process your credit card information, telephone number and other personal data to arrange your purchases and reservations. If something goes wrong, this data can be exposed or even worse, exploited by hackers. Needless to say, AI agents require armor-like security.
Should users trust AI agents like OpenClaw with their personal data?
As Steinberger admits, security wasn’t at the forefront of OpenClaw’s creation, starting as a weekend project and making security a top priority going forward. Therefore, it is not surprising that OpenClaw has been demonstrated to have a large number of vulnerabilities.
For example, LLM is known to be vulnerable to prompt injection attacks (malicious prompts that instruct LLM to behave in unexpected ways). This means that an LLM-powered AI agent could be induced to reveal a user’s personal data via hidden prompts inserted into scripts on the web pages the agent visits.
Other attacks are less speculative. OpenClaw stores credentials, such as a software developer’s API key, in clear text without encryption at rest, making the credentials potentially accessible to other processes on the computer. These credentials can be stolen through prompt injection or if the system is compromised.
Another potential attack involves community-created AI agent “skills.” These skills are programs built by users to enable AI agents to perform specific tasks. However, because OpenClaw has access to your computer’s command line (a powerful interface used to control your computer), malicious skills can exploit this access to execute harmful commands. Using elevated privileges in this way can cause far more damage to a user’s computer than a normal application.
What lessons can we learn from this?
Technology enthusiasts are quick to jump on new and exciting AI technologies that have the potential to disrupt and improve the way we do things today. That’s understandable. However, new technologies such as OpenClaw that are rushed to end users often do not necessarily incorporate security best practices.
However, the rapid pace at which AI technology evolves cannot be slowed down. AI is unique, and the benefits gained from its machine learning capabilities will continue to accelerate its amazing capabilities and capabilities, helping us, for example, create self-driving cars, humanoid robots, or devise customized genetic medicines.
A model of stable and prudent governance may not be achievable in a global technological race. This is reminiscent of the early days of the internet in the 1990s. There, security took a backseat as governments, banks, and other large organizations rushed to build out their IT infrastructures, even though they felt they were moving too quickly to fully control them.
What’s different now is that the pace of AI adoption is breakneck.
This requires a more dynamic approach. Governments, businesses and academic experts need to be fully engaged with each of these technologies as they emerge, shaping development based on agreed guardrails and accepting that the window between innovation and adoption is narrower than ever before.
This is an exciting challenge, and the opportunities presented by AI are more than just marketing hype. If used wisely, this is a once-in-a-generation opportunity that will yield unimaginable new tools and discoveries that will help humanity solve some of our greatest challenges.
This story was originally published by Innovation Aus.
