AI-based assistants or agents are gaining traction for automating tasks across users’ systems, but they are also shifting security priorities as they blur the lines between data and code, and between trusted helper and potential insider threat. OpenClaw, previously ClawdBot and Moltbot, has surged since its November 2025 release. It is designed to run locally and act autonomously with broad access to inboxes, calendars, programs and online services, including chat apps.
The model is capable of taking initiative, not just waiting for prompts, which raises concerns about prompt injections and, if it is misconfigured, the risk of mass-deleting messages or exfiltrating data from integrations. A recent supply chain incident linked to Cline began with a prompt injection on 28 January, leading to a rogue OpenClaw instance gaining full system access on some devices.
In industry commentary, DVULN founder Jamieson O’Reilly warned that misconfigured OpenClaw interfaces exposed on the Internet could allow attackers to read credentials, impersonate operators, inject messages and move laterally within networks, with one example describing an attack scenario involving hundreds of exposed servers.