SAN FRANCISCO, January 27, 2026, 01:14 (PST)
- Security company SOCRadar reported discovering 1,009 Clawdbot gateways exposed to the public through scans.
- Clawdbot’s rise has driven some users to pick up Apple’s Mac mini just to keep the tool running nonstop.
- Creator Peter Steinberger advised users against purchasing new hardware and recommended sticking to fundamental security practices.
Cybersecurity company SOCRadar revealed that over 1,000 Clawdbot instances—an open-source AI assistant gaining traction—are exposed online. Their Shodan searches, which scan internet-connected devices, uncovered 1,009 Clawdbot gateways accessible directly from the public internet.
The warning comes as Clawdbot escapes the developer niche and starts gaining wider attention, with explainer articles and demos popping up all over in the last 24 hours. Early users aren’t just seeing it as a chatbot—they’re calling it an “agent,” software that can actually perform tasks on a computer, not just respond to queries.
The hardware hype is real. Some users are snapping up Apple’s Mac mini to keep Clawdbot running around the clock, Business Insider revealed, hooking it into calendars, emails, and message threads. But creator Peter Steinberger urged, “Please don’t buy a Mac Mini,” noting it can run on Amazon’s free tier instead. Andreessen Horowitz partner Olivia Moore called it “likely too steep” a learning curve, while ex-Microsoft exec Rahul Sood warned of “zero guardrails by design,” according to the report.
Clawdbot operates directly on a user’s device and responds through platforms like WhatsApp, Telegram, Slack, Discord, and iMessage, per the project’s documentation. Early Tuesday, its main repository on GitHub had around 56,000 stars, along with hundreds of open issues and pull requests.
SOCRadar called Clawdbot a bridge linking large language models (LLMs) with real-world execution environments. It channels messages from chat apps via a persistent process. In most setups, it can handle file reading and writing, run shell commands, and keep long-term state.
That setup piles on the risk. SOCRadar warned that exposed control interfaces can leak API keys, bot tokens, and OAuth secrets — all credentials that let software operate as the user. In some configurations, command execution remains open without proper access controls.
The company highlighted common infrastructure issues, like reverse proxies—servers positioned ahead of applications that route traffic—where misconfigurations can trick systems into treating external requests as if they originated from “localhost.” It also noted that Clawdbot Control carries a unique web fingerprint, allowing internet-wide scanners to quickly identify exposed instances.
Clawdbot is one piece of a larger effort to take AI beyond simple chat. While most users still rely on popular platforms like OpenAI’s ChatGPT or Anthropic’s Claude for information, agent tools aim to handle tasks like scheduling, file transfers, and messaging autonomously—no human needed at every turn.
Adoption might prove fragile. A breach linked to exposed gateways or a surge in user mistakes leaking private chats and credentials could rapidly dampen enthusiasm, especially among smaller teams and less tech-savvy users.
Chinese tech outlet 36kr dubbed Clawdbot a “Claude with hands,” noting its rapid rise as a sensation in Silicon Valley. The bot has sparked buzz about a 24/7 “AI employee” and fueled a push to install it on always-on devices such as the Mac mini.
Steinberger has warned potential users to review the project’s security guidelines carefully and steer clear of adding the bot to group chats, where private data can quickly leak. Right now, Clawdbot serves as a live experiment in consumer AI’s direction—and just how chaotic things get when the assistant gains control.
