All gas, no brakes: Time to come to AI church

  • Welcome to this week’s edition of the Threat Source newsletter.
  • Brothers and sisters, gather close for a moment.
  • We are all security followers here gathered in fellowship and community, with one joyful spirit to fight the good fight and do good out there in the security world.
  • It is with that spirit that I have to mention Clawdbot.
  • Clawdbot (aka Moltbot or OpenClaw) is a locally run open-source agentic application that acts on your behalf.
  • Want to check into a flight?

Article Summaries:

  • The Threat Source newsletter warns that the open‑source agentic tool Clawdbot (also called Moltbot or OpenClaw) poses significant security risks. Although it can automate tasks such as email replies or code deployment, it requires users to supply all private credentials, which are stored in plaintext and can be easily stolen. The post cautions that the tool’s “Skills” feature, which allows it to perform administrative actions, has not been vetted and is already being exploited. In addition, the newsletter highlights the discovery of DKnife, a modular Linux‑based framework that can hijack routers and edge devices, intercept traffic, and deliver malware. The overall message urges security professionals to be skeptical of rapidly released AI tools and to protect credentials and network devices from emerging threats.

Sources: