A hacker demonstrated that the viral new AI agent Moltbot (formally Clawdbot) is easy to hack via a backdoor in an attached support shop. Clawdbot has become a Silicon Valley sensation among a certain type of AI-booster techbro.
https://www.404media.co/silicon-valleys-favorite-new-ai-agent-has-serious-security-flaws/
If you have a fediverse account, you can quote this note from your own instance. Search https://infosec.exchange/users/josephcox/statuses/115985218598483708 on your instance and quote it. (Note that quoting is not supported in Mastodon.)
RE: https://infosec.exchange/@josephcox/115985218598483708
What a 💩-show at the cutting edge of AI 😅
As the article states there are plenty of things you can do to mitigate the risks, but it seems convenience is just too much of a draw. I know of some people who are gleefully installing this right now. Personally I'm seeing how AI can be powerful and useful in some cases, but this level of abdication? That's crazy.
