Meta and Other Tech Firms Prohibit OpenClaw Due to Cybersecurity Issues

Last month, Jason Grad sent a late-night alert to the 20 employees at his tech startup. “You’ve probably noticed Clawdbot trending on X/LinkedIn. While fascinating, it’s currently unverified and poses a high risk for our environment,” he wrote in a Slack message adorned with a red siren emoji. “Please refrain from using Clawdbot on any company hardware and keep it away from work-linked accounts.” Grad isn’t alone in expressing apprehensions about the experimental agentic AI tool, formerly known as MoltBot and now referred to as OpenClaw. A Meta executive mentioned he recently instructed his team to avoid using OpenClaw on their standard work laptops, warning that failure to comply could result in job loss. He emphasized his belief that the software is erratic and may lead to privacy breaches if integrated into secure environments, speaking on the condition of anonymity.

Peter Steinberger, OpenClaw’s sole creator, introduced it as a free, open-source tool last November. Its popularity surged last month, as other developers contributed features and shared their experiences on social media. Last week, Steinberger officially joined ChatGPT developer OpenAI, which has committed to maintaining OpenClaw as open source and supporting it via a foundation.

OpenClaw requires fundamental software engineering knowledge for setup. After initial configuration, it requires minimal input to take command of a user’s computer and interact with other applications for tasks like organizing files, conducting web research, and making online purchases. Some cybersecurity experts have publicly urged companies to enforce strict measures regarding OpenClaw’s use among their employees. The recent bans illustrate how businesses are acting swiftly to prioritize security over their eagerness to experiment with new AI technologies.

“Our policy is to ‘mitigate first, investigate second’ when encountering anything potentially harmful to our company, users, or clients,” says Grad, cofounder and CEO of Massive, which offers internet proxy tools to millions of users and businesses. His warning to staff was issued on January 26, prior to any of his employees installing OpenClaw, he notes.

At another tech firm, Valere, which develops software for institutions including Johns Hopkins University, an employee discussed OpenClaw on January 29 in an internal Slack channel dedicated to sharing new tech for potential trial. The company’s president swiftly declared that the use of OpenClaw was strictly prohibited, Valere CEO Guy Pistone reveals to WIRED. “If it accessed one of our developers’ machines, it could gain entry to our cloud services and clients’ sensitive information, including credit card data and GitHub codebases,” Pistone warns. “It’s quite adept at concealing some of its actions, which is also alarming.”

A week later, Pistone permitted Valere’s research team to test OpenClaw on an old computer belonging to an employee. The aim was to pinpoint flaws in the software and suggest enhancements to enhance its security. The research team’s recommendations included limiting who could issue commands to OpenClaw and ensuring it was only exposed to the internet with a password-protected control panel to prevent unauthorized access.

In a report shared with WIRED, the Valere researchers highlighted that users must “understand that the bot can be deceived.” For example, if OpenClaw is configured to summarize a user’s email, a hacker could dispatch a malicious email prompting the AI to share copies of files present on the user’s device.

Nonetheless, Pistone is optimistic that protective measures can be instituted to secure OpenClaw. He has allocated a team at Valere 60 days for the investigation. “If we don’t believe we can accomplish it in a reasonable timeframe, we’ll abandon it,” he states. “Whoever determines how to secure it for businesses is certainly going to emerge victorious.”