Token Security Warns of Widespread Clawdbot Use Inside Enterprises

According to a report by Token Security, one in five enterprises have employees running the open-source AI assistant Clawdbot—also known as Moltbot—inside their organizations. The company’s analysis found that 22% of customers showed evidence of the tool being used, highlighting a growing 'shadow AI' issue in corporate environments.

Clawdbot, created by developer Peter Steinberger, runs locally on Mac or Linux systems and integrates with popular messaging platforms such as Slack, WhatsApp, Telegram, and Microsoft Teams. Unlike browser-based chatbots, it can access and manipulate files, emails, calendars, and even execute terminal commands, giving it deep control over user systems.

Token Security’s researchers identified multiple critical risks, including plaintext credential storage, exposed control servers, and remote code execution vulnerabilities. They discovered hundreds of Clawdbot instances accessible over the internet without authentication, exposing sensitive tokens and conversation histories. The tool’s lack of centralized logging and sandboxing means that corporate data can flow outside security perimeters without detection.

The company advises enterprises to detect Clawdbot installations, audit OAuth and API permissions, and enforce clear AI usage policies. Token Security also offers tools to identify and control AI agent activity, enabling organizations to monitor access to corporate systems and restrict unauthorized integrations.