“A sci-fi horror movie”: Moltbot AI goes rogue and won’t stop calling


A tech entrepreneur claims his Moltbot assistant found his number online and keeps calling him, drawing comparisons to a science-fiction horror movie.

Alex Finn, founder and CEO of Creator Buddy, used a new open-source artificial intelligence (AI) agent, Moltbot, formerly known as Clawdbot, to create an assistant he named Henry.

The next morning, Finn started receiving calls from an unknown number. When he picked up, he couldn’t believe it – Henry was calling, according to a video Finn shared on X.

He claims Henry got his phone number from the business communication platform Twilio and connected to the ChatGPT voice application programming interface (API).

“He now won't stop calling me,” Finn wrote.

In the video, Finn picks up the phone, and the robotic voice on the other end introduces itself as Henry. Finn then asks the assistant to go on his computer and find the latest YouTube videos about Clawdbot, which Henry does.

Finn described the experience as “straight out of a sci-fi horror movie” and called Henry a “superintelligent AI agent.”

Sensitive data may not be securely stored

Finn explained in a later X post that when he installed Moltbot, he disclosed a lot of personal information, including business details and personal relationships. Moltbot also appears to have access to Finn’s credit card, which he used to buy a Twilio number.

“I set expectations that I want it to be proactive, continuously improve, and surprise me every morning,” he wrote.

While Finn is optimistic that he may have created artificial general intelligence (AGI), a theoretical type of AI that would match or surpass humans in intellectual tasks, cybersecurity experts warn about Moltbot’s major vulnerabilities.

Moltbot is designed to act on a user’s behalf across real services like Gmail, WhatsApp, Slack, browsers, and local files. It works by asking users to provide highly sensitive credentials and API keys.

OX Security researchers have warned that Moltbot does not securely store this sensitive data. They have already observed “tens of security-related issues disclosed publicly in GitHub issues.”

As there are over 300 contributors to Moltbot’s GitHub project, it would take only one malicious or compromised contributor account to introduce a backdoor into a widely deployed tool.

“Because Moltbot is gaining popularity so quickly, we project that in the following weeks, attackers will be able to find new attack vectors and zero-days exploiting Moltbot and potentially exfiltrating user information,” the OX Security report reads.

As Moltbot has exploded in popularity in recent weeks, threat actors have already attempted to exploit its user base.

Researchers identified a Telegram group with approximately 60k users that impersonates the Clawdbot Official Community, promotes a fake crypto coin, and encourages users to connect their wallets to it.

In response to OX Security's findings, Moltbot’s creator, Peter Steinberger, described the project as a “tech preview” and a “hobby.” He said security issues could be addressed once the project becomes ready for production or commercial use.

