Moltbot security alert exposed Clawdbot control panels risk credential leaks and account takeovers

Misconfigured AI control panels left sensitive data and systems exposed online.

Public control panels leak private data

A recent investigation has uncovered hundreds of internet-facing control interfaces linked to Clawdbot, an open-source AI agent platform designed to connect large language models with messaging apps and automation tools. These exposed dashboards were not obscure development articles, but live administrative panels reachable by anyone who knew exactly where to look.

In multiple cases, access to these interfaces let outsiders view configuration data, retrieve API keys and browse full conversation histories from private chats and file exchanges. Since the platform is designed to act persistently on behalf of users, these control panels effectively served as master keys to the digital environments they managed.

The risks of giving agency to AI agents

The risk went well beyond passive data exposure – Clawdbot agents can actively send messages, run tools and execute commands across services such as Telegram, Slack and Discord. With access to the control layer, a threat actor could effortlessly impersonate the operator, inject rogue messages into ongoing conversations and even stealthily siphon data through trusted integrations.

Some deployments were even more severe. A few exposed instances reportedly allowed unauthenticated command execution on the host system, in certain cases running with elevated privileges. That combination of persistent access, stored credentials and operational autonomy greatly raises the stakes compared to traditional web app breaches.

A common misconfiguration with great impact

The issue stemmed not from an exotic exploit, but a classic deployment misconfiguration. A combination of localhost trust assumptions and reverse proxy setups caused some internet connections to be treated as local – and therefore automatically approved. While many instances were properly secured, the exposed ones showed just how fragile defaults can become at scale.

Another notable aspect of this incident is the architectural concentration of power. AI agents are designed to read messages, store secrets and execute actions – features that are all essential to their use cases. When misconfigured, the very design that serves as their backbone can collapse multiple security boundaries at once.

Quiet rebrand

Readers searching for Clawdbot may notice that the service underwent an identity shift. The project has been rebranded as Moltbot, with its agent name changing from Clawd to Molty, following a trademark request supposedly tied to name similarities with Anthropic’s Claude.

According to the developers, the mission and functionality remain the same, only the “shell” has changed.