January 28, 2026 By Bill Toulas
Security researchers are warning of insecure deployments in enterprise environments of the Moltbot (formerly Clawdbot) AI assistant, which can lead to leaking API keys, OAuth tokens, conversation history, and credentials.
Moltbot is an open-source personal AI assistant with deep system integration created by Peter Steinberger that can be hosted locally on user devices and integrated directly with the user’s apps, including messengers and email clients, as well as the filesystem.
Unlike cloud-based chatbots, Moltbot can run 24/7 locally, maintaining a persistent memory, proactively reaching out to the user for alerts/reminders, executing scheduled tasks, and more.
This capability and ease of setup have made Moltbot viral quickly, even driving up sales of Mac Mini as people sought dedicated host machines for the chatbot.