The rapid growth of OpenClaw (formerly Moltbot/Clawdbot), an open-source, self-hosted AI agent for autonomous task execution and browser control, has raised serious security concerns.
More than 21,000 publicly accessible OpenClaw instances have been found online, a likely sign of widespread misconfiguration that leaves their owners exposed.
The linked Moltbook social network was also misconfigured, exposing API keys and login tokens.
Marijus Briedis, chief technology officer at NordVPN, provides insight into the risks and best practices for using these powerful AI agents safely.
“The biggest risk isn’t the AI itself — it’s how people are setting it up. These AI agents have privileged access to your system, persistent memory of your activities, and the ability to execute code autonomously. When thousands of instances are exposed on the internet, you could have a recipe for disaster.
“Malware spreads via skill packages, infostealers can hide in community extensions, and exposed instances leak sensitive data like API keys and OAuth tokens. For example, the misconfigured Moltbook database exposed every AI agent’s email addresses, login tokens, and API keys. Such supply chain vulnerabilities have caused major damage, but now compromised entities can act autonomously on your behalf.
“Prompt injection is perhaps the most critical threat. Because OpenClaw can read your emails and messages, a malicious actor can craft content that hijacks the agent’s behavior, essentially weaponising your own AI assistant against you.
“A critical first step is ensuring your AI assistant isn’t exposed to the public internet. If you’re self-hosting on a VPS or home server, you need a secure tunnel to access it, not just an open port over the public internet. But secure access is just one layer: you should also configure the assistant’s permissions and limit what devices and systems it can interact with.”
He adds that the convenience of autonomous AI agents should never come at the cost of security. “Before you deploy, read the security documentation thoroughly, use isolated systems, and implement proper authentication. If you’re not confident in your ability to secure a self-hosted deployment, consider whether the risks outweigh the benefits.”
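The advice above (no open port on the public internet, access through a tunnel instead) can be checked mechanically before deploying. The following is an added example, not OpenClaw project code or anything from the quoted source: it classifies listening sockets from `ss -ltn`-style output as loopback-only or exposed, and prints the SSH local port-forward that replaces an open port. The port number 18789, the host name `vps.example`, and the sample socket listing are constructed assumptions for illustration.

```shell
#!/bin/sh
# Added example (not OpenClaw's own code). Audits listening sockets for
# wildcard binds and shows the ssh tunnel that should replace an exposed port.
# Port 18789 and the host name are assumptions chosen for illustration.

# listen_exposure ADDR:PORT -> prints "local" when bound to loopback only,
# "exposed" for a wildcard or public-interface bind.
listen_exposure() {
    bind_host="${1%:*}"          # strip the port after the last ':'
    case "$bind_host" in
        127.0.0.1|"[::1]"|localhost) echo local ;;
        *)                            echo exposed ;;   # 0.0.0.0, [::], *, public IPs
    esac
}

# exposed_ports reads "ss -ltn" output on stdin and prints one exposed
# port per line (skips the header row; column 4 is Local Address:Port).
exposed_ports() {
    awk 'NR > 1 { print $4 }' | while IFS= read -r addr; do
        if [ "$(listen_exposure "$addr")" = exposed ]; then
            echo "${addr##*:}"
        fi
    done
}

# tunnel_cmd HOST PORT -> the ssh command that forwards the agent's port
# to the operator's loopback, so the service itself can stay bound to 127.0.0.1.
tunnel_cmd() {
    echo "ssh -N -L 127.0.0.1:$2:127.0.0.1:$2 $1"
}

# Constructed sample listing (assumed; replace with: ss -ltn).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:18789       0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*'

# Stand-alone run: list exposed ports and the recommended tunnel for each.
printf '%s\n' "$SAMPLE_SS" | exposed_ports | while IFS= read -r port; do
    echo "port $port is bound to a public interface; bind it to 127.0.0.1 and use:"
    echo "  $(tunnel_cmd vps.example "$port")"
done
```

Run the same functions against real `ss -ltn` output on the host; anything the agent listens on that shows up as exposed should be rebound to loopback (or to a private VPN interface) and reached through the printed `ssh -L` forward or an equivalent tunnel, with the agent's own authentication still enabled behind it.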