
Major Security Flaws Found in Popular AI Platforms

AI Platforms Expose Sensitive Data Through Critical Flaws

Security experts are sounding the alarm after discovering gaping vulnerabilities in OpenClaw (formerly Clawdbot) and Moltbook, popular platforms in the AI ecosystem. These weaknesses could give attackers nearly unfettered access to sensitive data and system controls.


Shockingly Low Security Scores

In tests run by developer Lucas Valbuena with the ZeroLeaks assessment tool, OpenClaw scored a dismal 2 out of 100. Attacks against the platform succeeded at the following rates:

  • Data extraction: 84% of attempts succeeded
  • Prompt injection: 91% of attempts succeeded

"These numbers should terrify anyone using these platforms," Valbuena noted. "It's like leaving your front door wide open with a sign saying 'Take what you want.'"

Database Left Completely Exposed

The situation appears even worse for Moltbook, where security researcher Jamieson O'Reilly found:

  • Entire databases reachable from the public internet
  • Secret API keys retrievable by anyone who found them
  • The ability to impersonate high-profile users such as Andrej Karpathy

The exposure is global: 954 internet-reachable Clawdbot instances were identified across China, the U.S., Germany and other countries.

Expert Recommendations

While perfect protection remains elusive, cybersecurity specialists advise:

  1. Never store secrets such as API keys or credentials directly in configuration files
  2. Load keys from environment variables instead of from files checked into or shipped with a deployment
  3. Put control panels behind Cloudflare Tunnel or a zero-trust login instead of exposing them directly to the internet
  4. Conduct regular security audits using tools like ZeroLeaks
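The first three recommendations can be checked mechanically before an agent is started. The following is an added example written for this article, not code from OpenClaw, Moltbook or the researchers quoted: it audits a key=value style configuration for the two misconfigurations the article describes (a secret stored inline, a service bound to every network interface) and loads the API key from the environment, refusing to start when it is absent. The config format, key names and sample values are constructed assumptions, not any real product's.

```python
"""Audit a key=value config for inline secrets and wildcard bind addresses,
and load the API key from the environment instead of a file.

Constructed example. The config syntax, key names and sample values are
assumptions made for illustration, not any real platform's format.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Keys whose values should be a reference to an environment variable, never a literal.
SECRET_KEYS = re.compile(
    r"^(?P<key>[A-Za-z0-9_.-]*(api[_-]?key|secret|token|password)[A-Za-z0-9_.-]*)\s*=\s*(?P<val>.+)$",
    re.IGNORECASE,
)
# Keys that decide which interface a service listens on.
BIND_KEYS = re.compile(
    r"^(?P<key>[A-Za-z0-9_.-]*(bind|listen|host)[A-Za-z0-9_.-]*)\s*=\s*(?P<val>.+)$",
    re.IGNORECASE,
)
# A value such as $API_KEY or ${API_KEY}: resolved from the environment at start-up, not stored.
ENV_REF = re.compile(r"^\$\{?[A-Z_][A-Z0-9_]*\}?$")


@dataclass
class Finding:
    line: int
    key: str
    problem: str


def _clean(value: str) -> str:
    """Drop a trailing comment and surrounding quotes (assumed config syntax)."""
    return value.split("#", 1)[0].strip().strip("'\"")


def _binds_all_interfaces(value: str) -> bool:
    """True for 0.0.0.0 / :: / [::], with or without a port suffix."""
    host = value.lower()
    return any(host == w or host.startswith(w + ":") for w in ("0.0.0.0", "::", "[::]"))


def audit_config(text: str) -> List[Finding]:
    """Return one Finding per line that stores a secret inline or binds to every interface."""
    findings: List[Finding] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("["):
            continue  # blank, comment or section header
        m = SECRET_KEYS.match(line)
        if m:
            val = _clean(m.group("val"))
            if val and not ENV_REF.match(val):
                findings.append(Finding(n, m.group("key"),
                                        "secret stored inline; reference an environment variable instead"))
            continue
        m = BIND_KEYS.match(line)
        if m and _binds_all_interfaces(_clean(m.group("val"))):
            findings.append(Finding(n, m.group("key"),
                                    "listens on all interfaces; bind to 127.0.0.1 and front it with a tunnel or zero-trust proxy"))
    return findings


def load_api_key(name: str, environ: Optional[Dict[str, str]] = None) -> str:
    """Read the key from the environment (os.environ by default); fail closed if it is missing."""
    env = os.environ if environ is None else environ
    value = env.get(name, "").strip()
    if not value:
        raise RuntimeError(f"{name} is not set; refusing to start without a credential")
    return value


# Constructed sample config, not a real deployment file.
SAMPLE_CONFIG = """\
# constructed sample
[gateway]
bind = 0.0.0.0:8080
[llm]
api_key = "sk-live-EXAMPLE0000000000"
[tunnel]
token = ${TUNNEL_TOKEN}
"""

if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f.line}: {f.key}: {f.problem}")
```

Run against the sample, the audit flags the `bind` line and the literal `api_key` but accepts `${TUNNEL_TOKEN}`, which is resolved at start-up rather than stored; `load_api_key` then supplies the key from the environment and aborts if it is not set, so a deployment cannot silently run unauthenticated.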

The discoveries highlight growing pains in the rapidly expanding AI agent ecosystem, where security often plays catch-up with functionality.
