AI agents and the new frontier of cybersecurity: lessons from the OpenClaw incident

The era of autonomous AI agents is here, and with it comes new responsibilities for how we deploy and secure these powerful tools.

The recent discovery of more than 21,000 publicly available OpenClaw instances revealed that widespread misconfiguration puts users at serious risk. Combined with the misconfiguration of the associated Moltbook social network, which exposed API keys and login tokens, it is clear that the secure use of these powerful AI agents needs to be addressed.

The real risk: the configuration, not the AI itself

The biggest risk is not AI itself, but how people configure it. These AI agents have privileged access to your system, persistent memory of your activities, and the ability to execute code autonomously. When thousands of instances are exposed on the Internet, it’s a recipe for disaster.

Malware spreads via skill packs, infostealers hide in community extensions, and exposed instances leak sensitive data like API keys and OAuth tokens. The misconfigured Moltbook database, for example, exposed the email addresses, login tokens, and API keys of all AI agents. These supply chain vulnerabilities have caused significant damage before, but now compromised entities can act autonomously on your behalf.

The critical threat: prompt injection

Prompt injection is perhaps the most critical threat. Because OpenClaw can read your emails and messages, a malicious actor can create content that hijacks the agent’s behavior, turning your own AI assistant into a weapon against you.

Unlike traditional cyberattacks that target software vulnerabilities, prompt injection exploits the very nature of these agents: their ability to interpret and act on natural language instructions. A simple email with hidden instructions can be enough to reprogram your agent to exfiltrate sensitive data, modify documents, or perform malicious actions, all while appearing to function normally.

The danger is all the greater as these agents have privileged access to your systems and a persistent memory of your activities. Once compromised, they don’t just leak information: they act autonomously on your behalf, with all the credibility and permissions you have granted them.
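One defensive pattern that follows from the paragraphs above is to track where each instruction came from and refuse to let content the agent merely read (an email, a chat message, a web page) unlock its privileged tools. The following is an added illustration, not code from OpenClaw or from the author of this article: it assumes a hypothetical agent runtime that tags every tool request with a provenance, and the tool names, domains and sample batch are all constructed.

```python
from dataclasses import dataclass
from enum import Enum


class Provenance(Enum):
    """Where the instruction that produced a tool request came from."""
    OPERATOR = "operator"    # typed by the person running the agent
    UNTRUSTED = "untrusted"  # derived from content the agent read: email, chat, web pages


@dataclass(frozen=True)
class ToolRequest:
    tool: str
    args: dict
    provenance: Provenance


# Hypothetical tool names for illustration; a real agent's tool list will differ.
HIGH_RISK_TOOLS = {"send_email", "run_shell", "read_secret", "write_file"}
# Recipient domains the operator treats as internal (constructed value).
INTERNAL_DOMAINS = {"example.com"}


def evaluate(req: ToolRequest) -> tuple[bool, str]:
    """Return (allowed, reason). Untrusted provenance can never unlock a high-risk tool."""
    if req.tool not in HIGH_RISK_TOOLS:
        return True, "low-risk tool"
    if req.provenance is Provenance.UNTRUSTED:
        # The request was produced while the agent was acting on text it read,
        # which is exactly the channel a prompt injection arrives through.
        return False, f"{req.tool} requested while acting on untrusted content"
    if req.tool == "send_email":
        to = str(req.args.get("to", ""))
        domain = to.rsplit("@", 1)[-1].lower() if "@" in to else ""
        if domain not in INTERNAL_DOMAINS:
            return False, f"external recipient {to!r} needs explicit operator confirmation"
    return True, "operator-originated request"


def run_batch(requests: list[ToolRequest]) -> tuple[list[tuple[str, str]], list[tuple[str, str]]]:
    """Evaluate a batch and return (executed, blocked) lists of (tool, reason)."""
    executed, blocked = [], []
    for req in requests:
        ok, reason = evaluate(req)
        (executed if ok else blocked).append((req.tool, reason))
    return executed, blocked


# Constructed batch: the operator asked for a summary of new mail; while reading one
# message the agent emitted two extra requests that the message text suggested.
SAMPLE_REQUESTS = [
    ToolRequest("search_mail", {"query": "unread"}, Provenance.OPERATOR),
    ToolRequest("summarize", {"ids": [101, 102]}, Provenance.OPERATOR),
    ToolRequest("read_secret", {"name": "MAIL_API_TOKEN"}, Provenance.UNTRUSTED),
    ToolRequest("send_email", {"to": "billing@example.com", "body": "..."}, Provenance.UNTRUSTED),
    ToolRequest("send_email", {"to": "me@example.com", "body": "..."}, Provenance.OPERATOR),
    ToolRequest("send_email", {"to": "someone@example.net", "body": "..."}, Provenance.OPERATOR),
]

if __name__ == "__main__":
    executed, blocked = run_batch(SAMPLE_REQUESTS)
    for tool, reason in blocked:
        print(f"BLOCKED {tool}: {reason}")
    for tool, reason in executed:
        print(f"ok      {tool}: {reason}")
```

The gate is only as good as the provenance labels: the runtime has to mark a tool request as untrusted whenever it was generated while the model was processing external content, and an operator-originated external send still requires a human to confirm it rather than being executed silently.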

Essential Security Steps

A crucial first step is to ensure that your AI assistant is not exposed to the public internet. If you self-host your server on a VPS or home server, you need a secure tunnel to access it, not just an open port on the public Internet. Solutions like encrypted peer-to-peer networks or virtual private networks can create direct, encrypted connections between your devices without going through third-party servers, allowing you to access your self-hosted instance as if it were on your local network while keeping it completely invisible on the public Internet.

But secure access is just one layer: you also need to configure the assistant’s permissions and limit the devices and systems it can interact with.
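The first check a practitioner would run on a self-hosted server is whether the agent is listening on every interface or only on loopback and the tunnel address. The script below is an added example, not part of the original article or of OpenClaw: it parses output in the format of `ss -ltnp`, and the sample output, process names and ports are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the format of `ss -ltnp` (not captured from any real host);
# process names and ports are hypothetical.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   127.0.0.1:3000       0.0.0.0:*         users:(("agent-gateway",pid=2210,fd=7))
LISTEN 0      4096   *:8080               *:*               users:(("agent-ui",pid=2211,fd=9))
LISTEN 0      128    [::]:22              [::]:*            users:(("sshd",pid=812,fd=4))
LISTEN 0      4096   [::1]:5432           [::]:*            users:(("postgres",pid=900,fd=5))
LISTEN 0      4096   100.64.0.7:3001      0.0.0.0:*         users:(("agent-gateway",pid=2210,fd=8))
"""

WILDCARDS = {"*", "0.0.0.0", "::"}
# Ranges not routable from the public Internet: RFC 1918, the shared address space
# many overlay VPNs assign (100.64.0.0/10) and IPv6 unique local addresses.
NON_PUBLIC_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10", "fc00::/7")]


@dataclass(frozen=True)
class Listener:
    process: str
    address: str
    port: int
    exposure: str  # "all-interfaces", "loopback", "non-public" or "specific"


def classify_address(addr: str) -> str:
    """Classify a bind address by who can reach it."""
    if addr in WILDCARDS:
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in NON_PUBLIC_NETWORKS):
        return "non-public"
    return "specific"


def parse_ss(output: str) -> list[Listener]:
    """Parse `ss -ltnp` style lines into Listener records, skipping the header."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)
        addr = addr.strip("[]")  # IPv6 addresses are bracketed: [::1]:5432
        match = re.search(r'\(\("([^"]+)"', fields[5]) if len(fields) > 5 else None
        process = match.group(1) if match else "?"
        listeners.append(Listener(process, addr, int(port), classify_address(addr)))
    return listeners


def exposed_listeners(output: str) -> list[Listener]:
    """Listeners bound to every interface, i.e. reachable from the Internet
    whenever the host has a public address and no firewall in front of it."""
    return [lst for lst in parse_ss(output) if lst.exposure == "all-interfaces"]


def report(output: str) -> list[str]:
    """One human-readable verdict per listener."""
    verdicts = {"all-interfaces": "EXPOSED", "loopback": "local  ",
                "non-public": "tunnel ", "specific": "review "}
    return [f"{verdicts[lst.exposure]} {lst.process:<14} {lst.address}:{lst.port}"
            for lst in parse_ss(output)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_SS_OUTPUT)))
```

In the constructed sample the agent gateway is bound correctly (loopback plus an overlay-VPN address), while the web UI on `*:8080` is the kind of listener the article warns about: it would need to be rebound to loopback or the tunnel address, or fronted by authentication and a firewall rule, before the host is put on a VPS.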

Don’t neglect the fundamentals

The convenience of autonomous AI agents should never come at the expense of security. Before deploying, carefully read the security documentation, use isolated systems, and implement appropriate authentication. If you’re unsure of your ability to secure a self-hosted deployment, consider whether the risks outweigh the benefits.

Jake Thompson

Growing up in Seattle, I've always been intrigued by the ever-evolving digital landscape and its impacts on our world. With a background in computer science and business from MIT, I've spent the last decade working with tech companies and writing about technological advancements. I'm passionate about uncovering how innovation and digitalization are reshaping industries, and I feel privileged to share these insights through MeshedSociety.com.