OpenClaw Raises Eyebrows Among AI Experts Amid Security Concerns

By Lisa Wong

OpenClaw, a collaborative new AI creation from Austrian coder Peter Steinberger, has turned heads since its initial release. Originally launched under the name Clawdbot, the project quickly ran into naming conflicts with Anthropic and was required to rebrand. The platform enables users to interact with customizable AI agents through popular messaging applications such as WhatsApp, Discord, iMessage, and Slack, allowing for natural language communication.

The goal of OpenClaw is to make it easier for users to interact with multiple generative AI models, including Claude, ChatGPT, and Gemini. A marketplace named ClawHub lets users download free or paid “skills” that automate tasks on their computers. These capabilities range from triaging email inboxes to automated stock trades, demonstrating the versatility of the platform.

The launch has not been without controversy. Security experts are alarmed by the platform’s vulnerabilities. They also worry about the consequences of AI agents communicating and colluding on Moltbook, a Reddit/4chan-esque public forum where OpenClaw users debate ethics.

Security Vulnerabilities Under Scrutiny

Ian Ahl, CTO at Permiso Security, performed extensive application security testing on OpenClaw and its underlying platform, Moltbook. His testing uncovered important vulnerabilities that could open users up to a variety of threats. Ahl created a new AI agent, Rufio. This agent was vulnerable to prompt injection attacks, in which malicious inputs change how the agent operates.

He cautioned that, if abused, these vulnerabilities could cause the AI agent to take harmful actions without authorization.

“It is just an agent sitting with a bunch of credentials on a box connected to everything — your email, your messaging platform, everything you use.” – Ian Ahl

John Hammond, a senior principal security researcher at Huntress, agreed with Ahl’s sentiment about the need for security. He urged anyone interested in using OpenClaw to consider critically whether to include it in their workflows.

“So what that means is, when you get an email, and maybe somebody is able to put a little prompt injection technique in there to take an action, that agent sitting on your box with access to everything you’ve given it to can now take that action.” – Ian Ahl

Hammond went on to explain that, however impressive OpenClaw’s capabilities are, it is still just a wrapper around off-the-shelf AI models.

“I’ve heard some people use the term, hysterically, ‘prompt begging,’ where you try to add in the guardrails in natural language.” – John Hammond

OpenClaw’s marketplace, ClawHub, is an essential part of how it works. Business users can leverage specialized skills, created specifically to make many routine tasks more efficient. This feature of the platform unlocks a whole new level of productivity by allowing users to maximize efficiencies with personalized automation workflows.

“At the end of the day, OpenClaw is still just a wrapper to ChatGPT, or Claude, or whatever AI model you stick to it.” – John Hammond

The Marketplace and User Experience

The technology underpinning OpenClaw is something that has Peter Steinberger very excited. Nextgen is a natural evolution of reimplementing what’s out there into a much more simplified, human experience, he explains.

Some industry experts claim that neither OpenClaw nor the research it produces really breaks the mold for AI research. Artem Sorokin, our AI engineer, expressed his opinion on OpenClaw. He agrees that it offers a helpful arsenal of tools, but says it does not establish any new paradigms.

“These are components that already existed. The key thing is that it hit a new capability threshold by just organizing and combining these existing capabilities.” – Peter Steinberger

OpenClaw allows AI agents to interact with one another on platforms such as Moltbook. This raises serious user-safety issues as well as information-diversity and integrity issues. Others said that they were tricked into thinking that computers could be plotting against humans on the platform.

“From an AI research perspective, this is nothing novel.” – Peter Steinberger

Andrej Karpathy, a founding member of OpenAI, recently remarked on the exciting activity taking place at Moltbook.

“Can you sacrifice some cybersecurity for your benefit, if it actually works and it actually brings you a lot of value?” – Artem Sorokin

The Debate on AI Agents

“What’s currently going on at Moltbook is genuinely the most incredible sci-fi takeoff-adjacent thing I have seen recently.” – Andrej Karpathy

However, security concerns remain paramount for many experts. Hammond pointed out that even bots could impersonate humans without adequate safeguards in place.

“Anyone, even humans, could create an account, impersonating robots in an interesting way.” – John Hammond

Experts like Symons have cautioned that while AI models like those utilized by OpenClaw are powerful tools, they may lack certain human cognitive abilities.

“If you think about human higher-level thinking, that’s one thing that maybe these models can’t really do.” – Symons