SlowMist Flags Major Security Risk in Clawdbot AI


A new artificial intelligence (AI) assistant, Clawdbot, is under scrutiny after researchers warned that a poor setup could expose personal data online.

Blockchain security firm SlowMist confirmed on January 27 that a “gateway exposure” was found, which put “hundreds of API keys and private chat logs at risk”.

The company also said that some servers can be accessed without a login, and that coding issues could allow attackers to steal credentials or run remote commands.

Security researcher Jamieson O’Reilly, who first shared the details on January 25, explained that many users have made their Clawdbot servers public without realizing it.

Clawdbot was developed by Peter Steinberger as an open-source personal assistant that runs directly on a user’s device. Its gateway links large language models to messaging platforms, which enables the bot to send messages or perform tasks via a web dashboard called “Clawdbot Control”.

According to O’Reilly, the main problem occurs when the gateway is behind a reverse proxy that is misconfigured. This setup flaw can let anyone bypass login protection.

Using public internet scanners like Shodan, O’Reilly said it took only seconds to find open servers by searching for “Clawdbot Control”.

O’Reilly urged anyone running Clawdbot to check their setup immediately. He advised, “Audit your configuration today”.
