ACCORDING to Trend Micro, OpenClaw, formerly Clawdbot/Moltbot, marks a shift from chatbots to a “sovereign agent” that runs on local hardware with root-like access and persistent memory. The piece notes that OpenClaw reads local files and can execute code, effectively granting high privileges to probabilistic models, with a layer of exposure through channels such as WhatsApp and Telegram.
It highlights a fourth multiplier to the Lethal Trifecta—Persistence—driven by a local-first architecture that writes data to a JSON file on disk, enabling time-shifted attacks where a malicious prompt might be triggered weeks later. The analysis cites the Moltbook disaster in which a misconfigured database exposed 1.5 million API tokens and thousands of private direct messages during late January 2026, affecting high-profile users.
It also describes defensive recommendations, including sandboxing inside ephemeral containers, human-in-the-loop confirmations for high-stakes actions, decentralised identity for agents, and active guardrails such as TrendAI Vision One AI Security to block injection-based instructions before execution.