Gemini’s Fix: The OpenClaw Security Mess and Apple’s Google Bet Paying Off

The security incident around OpenClaw, the project once called Clawdbot and Moltbot, hit hard in the AI space, where quick growth often means overlooked risks. This open-source AI agent went viral, then turned into a headache with exposed data across countless setups. Google’s Gemini jumped in, spotting and patching a key flaw fast. The whole thing points to why Apple’s tie-up with Google on AI isn’t as odd as it seemed, especially given Apple’s emphasis on keeping data secure and private.

OpenClaw started as a local AI assistant that hooks into apps like WhatsApp, Telegram, Slack, Discord, and iMessage. It runs shell commands, handles files, manages emails and calendars, and acts on prompts without much oversight. Developer Peter Steinberger built it, and it shot up on GitHub, grabbing over 180,000 stars almost overnight. The draw? It’s “agentic”—it doesn’t just respond; it does stuff, like placing orders or executing code from plain text.

But that capability brought trouble. With so many people jumping on it, setups got sloppy. Researchers found more than 21,000 exposed instances online, spilling API keys, OAuth tokens, configs, and chat logs. Bitdefender flagged hundreds of open control panels that could leak credentials or lead to takeovers, some without any login required. Palo Alto Networks noted how Moltbot’s memory and independence made it vulnerable: attackers could slip bad code into messages on apps like Signal. OX Security dug in and saw credentials stored in plaintext in ~/.clawdbot, setting the stage for easy breaches, worsened by weak supply chains and code flaws.

It went beyond leaks. Prompt injections let attackers grab API keys and WhatsApp sessions in no time. A big issue was an Arbitrary Local File Inclusion bug in the media handling, dodging tool limits and sandboxes. Malicious setups could pull sensitive stuff like app secrets, user chats, and system files, even SSH keys or /etc/passwd. Data got sent out as attachments through the same messaging paths, flipping a helpful tool into a leak factory.
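The defensive counterpart to a file-inclusion bug in media handling is a containment check on every attachment path before it is read. The following is an added example, not OpenClaw's code or the merged patch; the function names, directory layout and sample files are assumptions constructed for illustration.

```javascript
// Added example: confine media attachment paths to a single directory.
// MEDIA layout, function names and sample files are constructed assumptions.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Return the real path of `requested` only if, after symlinks are resolved,
// it is a regular file strictly inside `mediaRoot`; otherwise return null.
function resolveMediaPath(mediaRoot, requested) {
  if (typeof requested !== 'string' || requested.includes('\0')) return null;
  let root, real;
  try {
    root = fs.realpathSync(mediaRoot);
    // An absolute `requested` (e.g. /etc/passwd) is kept as-is by
    // path.resolve; the containment check below is what rejects it.
    real = fs.realpathSync(path.resolve(root, requested));
  } catch {
    return null; // nonexistent or unreadable path: nothing to attach
  }
  const rel = path.relative(root, real);
  const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  if (rel === '' || escapes) return null;
  return fs.statSync(real).isFile() ? real : null;
}

// Build a throwaway directory tree and report which requests are allowed.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'media-demo-'));
  const mediaRoot = path.join(base, 'media');
  fs.mkdirSync(mediaRoot);
  fs.writeFileSync(path.join(mediaRoot, 'photo.png'), 'constructed image bytes');
  fs.writeFileSync(path.join(base, 'secret.env'), 'API_KEY=constructed-value');
  // A link planted inside the media directory that points outside it.
  fs.symlinkSync(path.join(base, 'secret.env'), path.join(mediaRoot, 'link.png'));
  const cases = {
    inside: 'photo.png',
    traversal: '../secret.env',
    absolute: '/etc/passwd',
    symlink: 'link.png',
  };
  const allowed = {};
  for (const [name, req] of Object.entries(cases)) {
    allowed[name] = resolveMediaPath(mediaRoot, req) !== null;
  }
  fs.rmSync(base, { recursive: true, force: true });
  return allowed;
}

console.log(demo());
```

A caller should open the path this function returns rather than the original request string, since the check and the read are separate steps.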

That’s where Gemini stepped up. Using its open-source code security agent on the Gemini CLI, it caught that LFI flaw in OpenClaw. The agent built a proof-of-concept exploit, wrote up a report, submitted a GitHub pull request, and got the patch merged quickly. Evan Otero from Google posted about it on X, explaining how open-sourcing this helps build confidence by speeding up secure coding. Available as a GitHub App, it fits right into dev workflows for ongoing scans.

This quick fix matters beyond OpenClaw. It shows AI can spot its own weak spots. Cisco’s analysis pointed out how these agents widen attack surfaces through connected apps, where rogue features act like hidden entries. Dark Reading described OpenClaw as “Claude with hands,” noting how its access skips usual safeguards. When AI takes on real tasks with private data, tools like Gemini’s become crucial.

Tie this to Apple’s move. In January 2026, Apple and Google kicked off a long-term deal, building Apple’s models on Gemini tech. This drives new Apple Intelligence, like an upgraded Siri, on Apple hardware and Private Cloud Compute—a setup with full encryption and no stored data. Tim Cook made it clear: privacy stays the same, with on-device and PCC handling everything.

Some doubted Apple’s shift from OpenAI. But the OpenClaw fallout backs it up. Apple’s PCC means no peeking, even by its own team, matching Google’s AI security know-how seen in the Gemini patch. eMarketer sees this as reshaping AI trust, turning privacy into a key selling point amid leak worries. LinkedIn talks flagged risks like hidden text fooling AI, but Apple’s local processing cuts many threats. TheStreet called out the “hidden catch”: Gemini boosts features, but Apple keeps control to protect privacy.

Bottom line, Apple’s Google link uses that security edge without ditching its principles. As AI agents spread, unchecked ones invite trouble like OpenClaw’s. Gemini-style tools automate fixes, letting progress happen with checks in place.

Gemini fixed it? Yeah. And Apple’s choice looks solid—teaming with Google strengthens AI while holding onto security and privacy. In a field full of holes, this could become the norm for building AI right.

