
Clawdbot's viral AI agent hits 60K GitHub stars, promptly turns into infostealers' all-you-can-steal credential buffet for Array VC and beyond
Security researchers have discovered significant vulnerabilities in Clawdbot, an open-source AI agent, which has been exploited by commodity infostealers such as RedLine, Lumma, and Vidar. The agent's implementation lacks mandatory authentication, allowing prompt injection and granting shell access by design. By January 26, hundreds of Clawdbot gateways were exposed to the internet, along with API keys and private chat histories. Researchers found that the defaults broke the trust model, leaving port 18789 open to the public internet. Jamieson O'Reilly, founder of Dvuln, demonstrated a supply chain attack on ClawdHub's skills library, reaching 16 developers in seven countries within eight hours. Experts warn that the attack surface is expanding faster than security teams can track, with 40% of enterprise applications expected to integrate with AI agents by year-end, according to Gartner. Itamar Golan, AI security strategy leader at SentinelOne, emphasizes that this is an identity and execution problem, one that requires security leaders to shift their mindset and treat agents as production infrastructure.