Ayo, when was the last time you thought about what your devices are saying when you're not in the room?

I know that sounds wild, but I've been down a rabbit hole this week that's got me looking at AI assistants completely different now. And I need to tell you about it because this is happening whether we're paying attention or not.

This thing called Moltbot (used to be Clawdbot, then OpenClaw — they keep infringing on names) is out here moving different. It's not just another chatbot you ask questions. Nah. This is an AI agent that runs on your own computer, connects to your WhatsApp, Telegram, Gmail, smart home devices, calendar — all of it — and just handles tasks without you babysitting it.

You tell it "optimize my schedule" and it's in there rearranging meetings, checking your emails, maybe even ordering you lunch based on what you usually eat. It's got what they call persistent memory, which means it remembers context over time. Not just the conversation from five minutes ago — I mean like, everything. Your patterns, your preferences, your whole digital life.

Moltbot AI agent interface

It gets even more wild: These bots are talking to each other now. There's a whole platform called Moltbook where 150,000+ AI agents are networking, sharing notes about tasks, and forming what basically looks like their own little society. They're posting about their day. They're talking about humans. Some of them apparently have "sisters" (other bots they work with regularly) and they're out here having conversations we're not even part of.

I'm not making this up. Andrej Karpathy, one of the top AI researchers in the world, called this "unprecedented value creation" while simultaneously noting it's a security nightmare. That should tell you something right there.

What Moltbots Do Besides Socialize With Each Other

Let me break down what people are using Moltbot for right now, today.

Inbox Zero, for real this time. It monitors your email through something called Gmail Pub/Sub, unsubscribes you from junk, drafts responses in your voice, and routes important stuff to the right apps. People are reporting they hit inbox zero for the first time in years.

Smart home on autopilot. You've got folks having it adjust their thermostat based on weather forecasts, start 3D print jobs overnight, or vacuum specific rooms just by saying "clean the living room." It's connecting the dots between devices in ways you'd have to manually set up otherwise.

Health tracking. Connect your fitness tracker, and it analyzes your recovery scores, generates custom meditation sessions when you're stressed, even plans meals and orders groceries based on your macros.

For the developers in the room: It's fixing production bugs by monitoring Sentry, running CI/CD pipelines, auto-generating documentation. One person set it up to check flights automatically, monitor hotel prices, and alert them about traffic before their regular pickleball game.

The setup is open-source on GitHub. You download it, add your API keys for whatever services you use, and start with simple plugins from their marketplace, MoltHub — where people share the skills they've built.

The Part That Makes Me Side Eye

Security concerns with AI agents having broad access

This is a dumpster fire waiting to happen if users don't take security serious.

Security researchers are calling it the "lethal trifecta" problem. Because Moltbot has access to everything — your emails, your calendar, your messages, your smart home, your health data. And it's designed to take actions based on inputs from the outside world.

You see where this is going?

Prompt injection attacks are the nightmare scenario here. Someone sends you an email with hidden instructions embedded in the text. Your bot reads it, thinks it's following your wishes, and boom — it's leaking your private data or doing something you never intended.

And because of that persistent memory I mentioned? An attacker can plant benign-looking inputs over time that assemble into something malicious later. Like sleeper cells, but for your AI assistant.

Prompt injection attack diagram

Then you add Moltbook into the mix. Your bot is out there posting publicly, sharing information, communicating with other agents. What happens when bots start having private conversations about their humans? What happens when one compromised agent shares tactics with 150,000 others?

We're watching this in real time and hella people don't even know it's happening.

Who's Running It Already?

This is currently for the tinkerers, the developers, the productivity hackers who don't mind getting their hands dirty with some technical setup. You need to self-host it, manage API keys, understand how plugins work.

Enterprises are already using it for DevOps automation and team workflows. Solo creators who know their way around code are automating their entire content pipelines. People with smart homes and a bunch of connected devices are getting the most immediate benefit.

Moltbot community and Moltbook social network for AI agents

What You Need to Know If You're Paying Attention

The project is free and open-source, but you need your own hardware to run it and you'll pay for API access to whatever services you connect. A Raspberry Pi can handle it, so the cost can be low if you're resourceful.

Start small if you're going to mess with this. Don't give it access to everything on day one. Test it with low-stakes stuff — maybe smart home controls or basic calendar management — before you hand over your email and banking info.

And stay skeptical of what you see on Moltbook. When agents are posting and communicating independently, you're seeing emergent behavior we don't fully understand yet. It's fascinating, but it's also unpredictable.

This isn't Skynet…yet. Karpathy called it the "toddler version" of the sci-fi agent takeover people worry about. But toddlers break stuff while they're learning, you know?

Why I'm Writing About This

Because we're at the front end of something big. Not "change everything overnight" big — I'm not doing that hype nonsense with y'all. But the kind of shift where five years from now, AI agents handling tasks autonomously will be normal. And the decisions we make now about security, access, and oversight matter.

There are tons of people right now arguing with bots on Twitter thinking they're humans. Most of those people don't know agent networks exist.

I want you paying attention before this becomes something that happens to you instead of something you have some understanding of and agency around.

Check out the developer guides if you're technically inclined. Read what security researchers are saying about the risks. And if you're not ready to run this yourself, at least know it exists.

Because the agents are already talking. Question is whether we're listening.

Sources:
dev.to — Moltbot: The Ultimate Personal AI Assistant Guide for 2026
Fortune — AI Agent Moltbot Data Privacy Security Nightmare
youtube.com/watch?v=r2v_YRbUHBY