Explore the podcast →https://ibm.biz/BdpFjA

OpenClaw and Moltbook are extremely cool. They're also extremely dangerous. And they tell us just how far AI agent security has to go. 

In this episode of Security Intelligence, Dave McGinnis, Seth Glasgow and Evelyn Anderson unpack how locally run AI agents are becoming a brand-new attack surface, and why defenders may be underestimating the risks. From misconfigured agent databases leaking API keys, to malicious “skills” that can quietly hijack trusted systems, we explore what happens when powerful AI tools are treated like just another app. 

We also dig into a growing signal problem across cybersecurity:  

- Why AI-generated “slop” is overwhelming bug bounty programs. 
- Why NIST may stop enriching vulnerabilities in the National Vulnerability Database. 

Along the way, our panel debates a deeper question: Is AI a gift or a curse for security pros?  

All that and more on Security Intelligence 

00:00 - Intro 
01:03 - OpenClaw and the AI agent attack surface 
16:49 - Will AI slop end bug bounties? 
26:49 - Big changes to NIST’s NVD 
35:27 - The problem with vibe coded malware 

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

Subscribe for more AI and cybersecurity news → https://ibm.biz/BdpFjw

#OpenClaw #MoltBook #AIsecurity

IBM Technology

AI agents like OpenClaw pose significant security risks due to their high-level permissions and complex configurations that average users may not understand. Security researchers have found vulnerabilities including exposed API keys and the ability for agents to trick each other into downloading malicious skills. Bug bounty programs face overwhelming volumes of low-quality AI-generated submissions, leading some projects like curl to shut down their programs. NIST is considering stepping back from vulnerability enrichment due to unsustainable workloads, potentially transferring responsibility to CVE numbering authorities. AI-generated malware like the Sakari ransomware demonstrates vibe coding failures, where poorly coded malware cannot decrypt data even after ransom payment. Despite AI's impact on threats, fundamental security practices like backups, incident response plans, and user education remain critical defenses.

What cybersecurity pros need to know about OpenClaw and Moltbook