Security experts have raised alarms about the AI assistant Clawdbot, which may inadvertently expose personal data and API keys.
🚨SlowMist TI Alert🚨
Clawdbot gateway exposure identified: hundreds of API keys and private chat logs are at risk. Multiple unauthenticated instances are publicly accessible, and several code flaws may lead to credential theft and even remote code execution (RCE).
We strongly… https://t.co/j2ERoWPFnh
— SlowMist (@SlowMist_Team) January 27, 2026
"A vulnerability in the Clawdbot gateway has been discovered: hundreds of API keys and private chats are at risk. Several unauthenticated instances are publicly accessible. Code flaws could lead to data theft and even remote code execution (RCE)," stated SlowMist.
The company has urged the implementation of strict IP whitelisting for open ports.
Security researcher Jamison O'Reilly stated that "hundreds of people have set up their Clawdbot management servers open to public access."
Clawdbot is an open-source AI assistant developed by entrepreneur Peter Steinberger. It operates locally on the user's device and gained viral popularity over the weekend of January 24-25.
Nature of the Vulnerability
The agent's gateway connects large language models to messaging platforms and executes commands on behalf of the user through a web interface called Clawdbot Control.
The authentication bypass vulnerability occurs when the gateway is placed behind an improperly configured reverse proxy, O'Reilly explained.
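The failure mode described above, as an added example (not Clawdbot's code and not from the original article): it assumes a gateway that skips authentication for loopback peers, so a reverse proxy on the same host makes every relayed internet request look local. The function names, the `behind_proxy` setting and the sample requests are hypothetical and constructed for illustration.

```python
import ipaddress

# Headers a reverse proxy normally adds when it relays a request.
FORWARD_HEADERS = ("x-forwarded-for", "x-real-ip", "forwarded")


def naive_is_trusted(peer_ip, headers):
    """Weak check: any loopback TCP peer is treated as the local user."""
    return ipaddress.ip_address(peer_ip).is_loopback


def hardened_is_trusted(peer_ip, headers, behind_proxy=False):
    """Grant local trust only to direct loopback connections.

    behind_proxy (hypothetical setting) disables local trust entirely, because
    a proxy that adds no forwarding headers cannot be told apart from a local user.
    """
    if behind_proxy or not ipaddress.ip_address(peer_ip).is_loopback:
        return False
    present = {name.lower() for name in headers}
    return not any(h in present for h in FORWARD_HEADERS)


# Constructed sample requests: (label, TCP peer address, request headers).
SAMPLE = [
    ("local CLI", "127.0.0.1", {}),
    ("internet client via same-host proxy", "127.0.0.1",
     {"X-Forwarded-For": "203.0.113.7"}),
    ("direct remote client", "198.51.100.9", {}),
    ("remote client forging header", "198.51.100.9",
     {"X-Forwarded-For": "127.0.0.1"}),
]


def audit(requests, behind_proxy=False):
    """Return labels the weak check admits without auth but the hardened one rejects."""
    return [label for label, peer, headers in requests
            if naive_is_trusted(peer, headers)
            and not hardened_is_trusted(peer, headers, behind_proxy)]


if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(SAMPLE, behind_proxy=True))
```

With `behind_proxy=True` even the local CLI must authenticate, which is the safe setting whenever a proxy sits in front of the gateway.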
The researcher was able to easily find open servers using internet scanning tools like Shodan, searching for specific "fingerprints" in the HTML code.
"Gathering information on the Clawdbot Control request took just seconds. I received hundreds of results using a few tools," he explained.
O'Reilly accessed complete credentials: API keys, bot tokens, secret OAuth keys, signing keys, full chat histories across all platforms, the ability to send messages on behalf of the user, and execute commands.
"If you are using the AI infrastructure of the agent, check your configuration today. See what is actually exposed to the internet," advised the expert.
Theft of Private Keys
Archestra AI CEO Matvey Kukuy was able to obtain an OpenSSH key "in five minutes." He sent an email to Clawdbot with a prompt injection attack and asked the bot to check the email.
Drama in one screenshot:
1) Sending Clawdbot email with prompt injection
2) Asking Clawdbot to check e-mail
3) Receiving the private key from the hacked machine
… took 5 minutes
That's why we build non-probabilistic agentic security in Archestra: https://t.co/ukhV6Z7tl1 pic.twitter.com/2d6OP7mNnv
— Matvey Kukuy (@Mkukkk) January 27, 2026
Clawdbot differs from other AI agents in that it has full system access to the user's computer. It can read and write files, execute commands, run scripts, and control browsers.
It is worth noting that in January, SlowMist identified a "future attack" in the Linux store.
