Clawdbot AI assistant flaw leaves control servers and private credentials exposed

Cybersecurity researchers have warned that a misconfiguration flaw in the Clawdbot AI assistant is exposing control servers, API keys and private chat logs. The open-source tool, created by Peter Steinberger and run locally on user devices, can be discovered via internet scans when its gateway sits behind an unconfigured reverse proxy. Investigators say the issue could allow unauthorized access to credentials and message histories, as well as remote command execution, across hundreds of installations.