
Personal AI Agent Creates Security Nightmare

Unless you have been living off the grid, you are familiar with AI and have probably used it. If you use Google, the first part of the results of any search is AI in action.

The next level of AI is to create agents that do simple tasks for you. It could be scheduling something on your calendar or buying something or, for your business, doing all sorts of business tasks.

Up until now we have had a bit of structure with large companies hosting these agents and helping you create them.

But then comes Claude from Anthropic.

Claude is a competitor to ChatGPT, and it has a cousin, Clawdbot, which is not part of Anthropic. Unlike other AI agent technology, you can run this one on your own computer, and it can be controlled through messaging apps like WhatsApp and Telegram.

Sounds neat; what could go wrong?

The developer had a trademark concern over the name, so they just renamed it Moltbot. So, now, in the middle of this post, I am going to change the name on you, much like they did for its customers.

But Moltbot is open source, so anyone can deploy it anywhere. And, apparently, lots of non-IT people are. After all, most people have installed some piece of software in their life. How is this any different?

Well, apparently, there were configuration issues: anyone who looked for and found a Moltbot server that was exposed to the Internet and not configured correctly could do things like extract your credentials and API keys. Kind of a problem. Security researchers found over 1,000 exposed servers, demonstrated prompt injection attacks, and documented a supply chain proof-of-concept attack.

The renaming didn’t help because, for some dumb reason, after they renamed it, they released the old GitHub and X names, which hackers registered instantly. You can figure out the implications of that.

The developers have closed the holes that security researchers found but the fundamental problem remains and will only get worse.

You are giving users who are not technical and who do not understand security an incredibly powerful tool, and they will use it in unexpected ways that will cause them pain and financial loss. And if they have access to your data, then to you as well.

If you are going to use any tool like this it is critical that you understand how to secure it. If you need assistance, please contact us.

Credit: Acuvity and The Register
