SAN FRANCISCO, January 27, 2026, 01:14 (PST)
- Security firm SOCRadar said scans found 1,009 publicly exposed Clawdbot gateways.
- Clawdbot’s surge has prompted some users to buy Apple’s Mac mini to run the tool around the clock.
- Creator Peter Steinberger urged users not to buy new hardware and to follow basic security steps.
Cybersecurity firm SOCRadar said more than 1,000 instances of Clawdbot, a fast-spreading open-source AI assistant, appear to be exposed on the public internet. It said searches on Shodan, a search engine that indexes internet-connected systems, showed 1,009 Clawdbot gateways reachable from the open web.
The warning lands as Clawdbot breaks out of developer circles and into broader tech chatter, with explainer pieces and demos proliferating in the past day. Early adopters are treating it less like a chatbot and more like an “agent” — software that can take actions on a computer, not just answer questions.
The buzz is spilling into hardware. Some users are ordering Apple’s Mac mini to keep Clawdbot running 24/7, Business Insider reported, as it gets wired into calendars, email and message threads. Creator Peter Steinberger wrote: “Please don’t buy a Mac Mini,” and said it can run on Amazon’s free tier; Andreessen Horowitz partner Olivia Moore said “the learning curve is likely too steep,” while former Microsoft executive Rahul Sood warned of “zero guardrails by design,” the publication reported.
Clawdbot runs on a user’s own machine and replies over channels such as WhatsApp, Telegram, Slack, Discord and iMessage, according to the project’s documentation. The main repository showed about 56,000 stars on GitHub early Tuesday, alongside hundreds of open issues and pull requests.
SOCRadar described Clawdbot as a gateway between large language models, or LLMs, and real execution environments, routing messages from chat apps through a persistent process. In typical deployments, it can read and write files, execute shell commands and maintain long-term state.
That architecture concentrates risk. SOCRadar said exposed control interfaces can reveal API keys, bot tokens and OAuth secrets — credentials that let software act on a user’s behalf — and some setups leave command execution available without effective access control.
The firm pointed to familiar infrastructure failures, including reverse proxies — servers that sit in front of applications and forward traffic — where misconfigured settings can make outside requests look like they came from “localhost.” It said Clawdbot Control has a distinctive web fingerprint, making exposed instances easy to spot with internet-wide scanners.
Clawdbot is part of a wider push to move AI beyond chat. Users still lean on mainstream systems such as OpenAI’s ChatGPT or Anthropic’s Claude for answers, but agent tools promise to schedule tasks, move files or send messages without a human hovering over every step.
But adoption could be fragile. A breach tied to exposed gateways, or a wave of user errors that leak private chats and credentials, could chill interest quickly, especially among less technical users and small teams.
Chinese tech outlet 36kr framed Clawdbot as a “Claude with hands” and said it has become a quick-hit sensation in Silicon Valley, feeding talk of a 24/7 “AI employee” and prompting a rush to deploy it on always-on machines like the Mac mini.
Steinberger has urged would-be users to read the project’s security guidance and avoid adding the bot to group chats, where sensitive data can spread fast. For now, Clawdbot is a live test of where consumer AI is heading — and how messy it gets when the assistant has hands.
