THE JARVIS DELUSION

The marketing world is currently gripped by a feverish obsession with "Agentic AI," chasing the dream of a "Jarvis-like" assistant that finally moves beyond simple chat to autonomous execution. Into this void stepped Clawdbot (now rebranded as Moltbot), an open-source sensation with over 69,000 GitHub stars that promises to be the "AI that actually does things." However, as growth leads and CMOs rush to optimise their bespoke workflows with this viral tool, they must realise that the very features causing the hype are currently giving security experts a collective breakdown. What looks like the ultimate productivity hack is, in its current state, a "shell-less" lobster: vulnerable, exposed, and potentially a wide-open back door into your corporate infrastructure.

"ACTUALLY DOING THINGS" MEANS ACTUALLY GIVING AWAY THE KEYS

The core appeal of Moltbot lies in its ability to function where you already communicate (WhatsApp, Telegram, and Slack) while managing your calendar, emails, and even flight check-ins. The hype is so palpable that Best Buy reportedly sold out of Mac Minis in San Francisco as users scrambled to set up "always-on" personal servers. But for a bot to "do things" autonomously, it requires more than just a conversation; it requires system-level access and your stored account credentials.

To gain this convenience, users are essentially handing over the "keys to their identity kingdom." You cannot have an AI that triages your inbox or manages your bank-linked apps without granting it the power to potentially leak that entire ecosystem.

"‘Actually doing things’ means ‘can execute arbitrary commands on your computer.’" - Rahul Sood, CEO and co-founder of Irreverent Labs.

For strategic leaders, the "so what" is clear: agency is a double-edged sword. Palo Alto Networks has already labelled AI agents as the "insider threat of 2026." True autonomy turns a helpful assistant into a high-privilege user that bypasses traditional human-in-the-loop safeguards.

THE "LOCAL-FIRST" SECURITY MYTH

A major selling point for the prosumer crowd is that Moltbot runs locally, supposedly creating a secure "moat" around data. However, findings from researchers at Hudson Rock and Jamieson O’Reilly (Dvuln) have debunked this assumption.

Local Hosting Does Not Equal Data Security

Moltbot has been found to store sensitive secrets, including API keys and credentials, in plaintext Markdown and JSON files on the local filesystem. This creates what Eric Schwake of Salt Security calls a "Visibility Void," where users share corporate tokens with a system they cannot easily audit. If the host machine is infected with common infostealer malware, specifically strains like Redline, Lumma, or Vidar, these plaintext secrets are a trivial harvest. A Mac Mini sitting in the corner of an office, if misconfigured or exposed to the web, becomes an unmonitored gateway for supply chain contamination.
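
The plaintext-secrets exposure described above can be checked from the defender's side. The following is an added example, not part of the original article and not Moltbot's own code: it walks an agent's state directory, flags secret-like values in Markdown and JSON files without echoing them, and records whether each file is readable by other local accounts. The key-name and token-shape patterns, the function names and the sample files are assumptions constructed for illustration.

```python
import json, re, stat, tempfile
from pathlib import Path
# Assumed heuristics (not Moltbot's own schema): secret-like key names and token shapes.
SECRET_KEY = re.compile(r"api[_-]?key|token|secret|password", re.I)
TOKEN_SHAPE = re.compile(r"\b(sk-[A-Za-z0-9_-]{16,}|xox[abp]-[A-Za-z0-9-]{10,}|AKIA[0-9A-Z]{16})\b")
MD_ASSIGN = re.compile(r"(api[_-]?key|token|secret|password)\w*\s*[:=]\s*\S{8,}", re.I)

def _json_hits(node, trail=""):
    """Yield dotted paths of JSON string values that look like stored secrets."""
    if isinstance(node, dict):
        for k, v in node.items():
            path = f"{trail}.{k}" if trail else k
            if isinstance(v, str) and v and SECRET_KEY.search(k):
                yield path
            else:
                yield from _json_hits(v, path)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from _json_hits(v, f"{trail}[{i}]")
    elif isinstance(node, str) and TOKEN_SHAPE.search(node):
        yield trail

def audit_agent_dir(root):
    """Return (file, location, readable_by_group_or_others) per finding; values are never echoed."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file() or p.suffix.lower() not in {".md", ".json"}:
            continue
        loose = bool(p.stat().st_mode & (stat.S_IRGRP | stat.S_IROTH))  # POSIX mode bits
        text = p.read_text(errors="replace")
        if p.suffix.lower() == ".json":
            try:
                locs = list(_json_hits(json.loads(text)))
            except json.JSONDecodeError:
                locs = []  # not valid JSON; skipped here rather than guessed at
        else:
            locs = [f"line {n}" for n, line in enumerate(text.splitlines(), 1)
                    if TOKEN_SHAPE.search(line) or MD_ASSIGN.search(line)]
        findings += [(p.relative_to(root).as_posix(), loc, loose) for loc in locs]
    return findings

def demo():  # constructed state directory; every value below is fake
    with tempfile.TemporaryDirectory() as d:
        Path(d, "notes.md").write_text("# Setup\nSlack token: xoxb-CONSTRUCTED-0000000000\nNo secret here.\n")
        Path(d, "config.json").write_text(json.dumps(
            {"model": "example", "providers": [{"apiKey": "sk-CONSTRUCTEDconstructed0000"}]}))
        Path(d, "config.json").chmod(0o600)
        Path(d, "notes.md").chmod(0o644)
        return audit_agent_dir(d)
```

Any finding is a credential an infostealer on the same host could read; a `True` in the third field means other local accounts can read it as well.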