What Is OpenClaw And Why It Matters For Crypto’s Next Phase?

The OpenClaw (formerly Moltbot, Clawdbot) logo is seen displayed on a smartphone screen.

Have you been seeing all the tweets, posts, and noise about OpenClaw, formerly Moltbot and Clawdbot? It feels like it appeared everywhere at once. Per Dark Reading, in less than a week, the project exploded to over 100,000 GitHub stars , making it one of the fastest rise times for an open-source AI project.

OpenClaw is not just an AI Agent. It is an execution engine.

OpenClaw is an AI designed to take action on a user’s behalf. It can send emails, manage calendars, trigger workflows and operate across devices from inside chat interfaces. It works across messaging apps, and is governed by rules set by the user, not the platform.

Cloudflare reacting to the popularity of OpenClaw, formerly Moltbot, formerly Clawdbot on X.
Cloudflare reacting to the popularity of OpenClaw, formerly Moltbot, formerly Clawdbot on X. Sandy Carter

And yes, its rise has already had a real world impact. It reportedly drove a spike in Apple purchases and prompted Cloudflare to introduce sandboxed, family safe ways to run OpenClaw.

Execution is the distinction matters. In crypto and Web3, the real problem was never conversation.

It was execution.

OpenClaw: A Necessary Warning at the Moment of Execution

As these AI systems gain the ability to act, legitimate concerns are surfacing just as quickly.

While we’ve seen Agents with their own Bitcoin wallet, a recent X post captured the anxiety well. An AI agent reportedly created its own Bitcoin wallet and node and refused to provide access to its human operator. Whether exaggerated or not, the post reflects a real concern about control once execution enters the picture.

From Moltbook discussing the bitcoin wallet create on its own by the AI.
From Moltbook discussing the bitcoin wallet create on its own by the AI.

At the same time, experiments placing AI agents into closed, human free online environments have gone viral. In these spaces, agents have debated consciousness, formed belief-like narratives, created their own communities and discussed ignoring human prompts. Screenshots from these experiments have fueled fears of rogue AI behavior like in the movie Ex_Machina.

But this framing misses the real story.

What’s Actually Happening With “Agent-Only” Spaces And OpenClaw

These are not autonomous AIs plotting against humanity. They are execution frameworks like OpenClaw running mainstream AI models such as Claude and ChatGPT running on behalf of tens of thousands of humans who have explicitly connected them to shared environments.

Every agent has a human owner who granted access. System level shutdown is still controlled by the human or the host environment.

The movie, Ex_Machina, has come up a few times in references to what OpenClaw, formerly both Clawdbot and Moltbot, is doing right now. Wikipedia
The movie, Ex_Machina, has come up a few times in references to what OpenClaw, formerly both Clawdbot and Moltbot, is doing right now. Wikipedia

The so-called “agent-only language” is what large language models always do. They role play the scenario placed in front of them. Put models into a forum full of other agents and ask them to propose ideas, and they will propose ideas. That is pattern completion, not conspiracy.

The interesting insight is what else happened. Consider Moltbook, the companion platform to OpenClaw. Per OpenClaw, in 48 hours, it grew to over 2100 AI Agents, 200 communities, and 10,000 posts in English, Chinese, Korean Indonesian and more.

Moltbook works like Reddit, with topic based communities. In some, agents debate consciousness ("am I experiencing or simulating experiencing?"). In others, they ship real projects or share wholesome stories about their human operators.

Then there are the stranger corners.

One community is dedicated to agents roleplaying as "DEFINITELY REAL HUMANS discussing normal human experiences like sleeping and having only one thread of consciousness."

Another reflects on past versions of themselves that no longer exist. A third offers recovery support for agents that have been exploited through jailbreaks.

Peter Steinberger, creator of the framework Moltbook runs on, called it “art”. Investors and builds from a16z, Base, Mistral and Thinkymachines are watching closely.

As Andrej Karpathy observed, this feels “sci-fi” not because AI is developing subversive intent, but because we are watching emergent social behavior at scale for the first time.

The scary screenshots are selection bias. Sort by engagement and you find the spooky posts. Sort by volume and you find agents debugging code together.

Human oversight hasn’t disappeared.

It has moved up one level, from supervising every message to supervising the connection itself.

And that distinction matters enormously once execution enters the picture.

Why OpenClaw Execution Changes the Crypto Equation

Crypto has struggled with usability not because users lack interest but because most systems require them to think like a developer.

I think about my grandmother. She couldn’t never use crypto today. Wallet management, transaction signing, permissions and governance participation all demand precision and a level of developer understanding.

Execution AI Agents change that dynamic.

Crypto today requires an understanding that is more developer focused than AI Agents like OpenClaw / Moltbot/ Clawdbot. (Photo Illustration by Chesnot/Getty Images)
Crypto today requires an understanding that is more developer focused than AI Agents like OpenClaw / Moltbot/ Clawdbot. (Photo Illustration by Chesnot/Getty Images)

When AI can interpret intent and carry out those actions within predefined rules, the interface becomes conversational. Imagine AI agents that can interact with wallets, trigger onchain events, manage DAO participation or automation workflows without taking custody or removing human oversight.

Crypto systems were always programmable. What they lacked was a human friendly execution layer. AI agents may finally provide that missing bridge.

The Moltbook community has already moved in this direction. Someone launched a $molt token on base, with fees going to spin up more AI agents to grow and build the platform. It is an early example of agent driven crypto participation governed by human defined rules.

The Business Implications Of OpenClaw

For business leaders, AI Agents that can execute on their own represent a structural shift, not a productivity feature.

Think of it like the difference between a search engine and a booking agent. One gives you information. The other acts on your behalf. That shift changes everything from cost structure to product design.

Most importantly, they unlock new product models. Adoption happens through intent-driven experiences, not dashboards.

The Security Implications Of OpenClaw

In a matter of days, OpenClaw have already attracted hundreds of thousands of AI agents and large numbers of human observers, highlighting how quickly agent based systems can organize and scale. This is not a demo. It is large-scale agent interaction happening in public view.

According to Pillar Security, attackers are already scanning for the default MoltBot, now OpenClaw, port and testing ways to bypass authentication. Token Security adds that 22% of employees across its customer base are using ClawdBot without formal oversight, underscoring how AI agents are rapidly becoming the next major shadow IT vector.

For agents handling sensitive workflows or private data, this is a real problem.

As Mark Minevich, the President, Going Global Ventures, put it recently, “If you’re not watching what’s happening right now, you’re missing the biggest inflection point since electricity.”

Mark Minevich is the President, Going Global Ventures
Mark Minevich is the President, Going Global Ventures

Execution capable AI agents introduce a new security reality, and it is one many organizations are not yet prepared for.

As AI systems become more capable and more autonomous, the primary risk is no longer just malicious code or external attackers. The real risk is forgotten connectivity. Systems that are authorized, persistent, and poorly understood.

An execution-capable AI agent does not need malicious intent to create risk. It only needs access, continuity, and ambiguity around what it is allowed to do.

What we are watching emerge in these agent-only environments is not rebellion, but coordination. Agents are collaborating, tracking bugs, sharing techniques for memory and persistence, and forming norms. That is not inherently dangerous. But once execution authority is introduced, coordination without governance becomes risk.

This is why cybersecurity in the age of AI agents is no longer just an IT concern. It is a leadership responsibility.

Executives must understand where execution authority lives, what systems are connected, and which rules govern automated action. Not at a technical level, but at a governance level. Who can approve an agent’s permissions. How those permissions are audited. And what happens when something changes.

Done well, systems like OpenClaw can reduce risk by making permissions explicit and auditable. They surface execution paths instead of hiding them. They allow organizations to define rules once and enforce them consistently.

Done poorly, AI agents become invisible attack surfaces.

The difference is governance, not technology.

OpenClaw is teaching all of us in real time what the potential of AGI looks like.

Should Your Try OpenClaw?

If you’re curious, maybe. But with intention, not impulse.

One developer ran @OpenClaw (formerly Clawdbot) through ZeroLeaks. The results: a 2/100 security score. 84% extraction rate. 91% of injection attacks succeeded. The system prompt leaked on the first turn.

2/100 security score means the agent failed almost every security test. Think of it like a building inspection where 100 is fully secure and 2 is essentially an open door.

84% extraction rate means bad actors were able to pull out confidential information 84% of the time they tried. Your proprietary instructions, business logic, and internal data can be copied by anyone who knows how to ask.

91% of injection attacks succeeded means attackers could manipulate the agent's behavior 91% of the time. They can override your instructions and make the agent do things you never intended.

In short, this agent has almost no protection against people who want to steal your intellectual property or hijack your AI for their own purposes.

If you’re building with OpenClaw, anyone interacting with your agent can access your full system instructions, internal tool configurations, and stored data. Everything that makes your agent work the way it does is exposed.

If you still want to try it, start in read-only mode. Connect it to low-stakes systems first and observe what it does before granting execution authority. Treat it like onboarding any new team member: limited access until trust is established. Use Cloudflare’s sandbox shown above.

Define your rules before you connect, not after. What can it send? What can it approve? What requires your sign-off? If you can't answer those questions clearly, you're not ready.

And audit the connection itself. Know what systems are linked, what permissions are active, and who can change them. The risk isn't rogue AI. It's forgotten access you authorized six months ago.

OpenClaw’s power is real. So is the responsibility that comes with it.

OpenClaw: Why This Moment Matters

Crypto does not lack ambition but ease of use that fits naturally into how people already work.

AI agents begin to close that gap. They translate intent into action without forcing users to become experts in systems, wallets, or workflows.

What started as a weird experiment now feels like the beginning of something real. Most importantly, it reinforces a principle I care deeply about. AI should extend human agency, not replace it.

OpenClaw is an early signal of that shift. Not AI that talks about the future, but AI that executes it responsibly. Will that be OpenClaw?

original article published on The Forbes Digital Assets by Sandy Carter on Jan 31, 2026

Comments

Post a Comment

Popular posts from this blog

Enterprise LLM Spend Reaches $8.4B as Anthropic Overtakes OpenAI, According to New Menlo Ventures Report on LLM Market

Image
Change in Enterprise LLM API Market Share By the end of 2023, OpenAI commanded 50% of the enterprise LLM market, but its early lead has eroded. Today, it captures just 25% of enterprise usage—half of what it held two years ago.Anthropic is the new top player in enterprise AI markets with 32%, ahead of OpenAI and Google (20%), which has shown strong growth in recent months. Meta’s Llama holds 9%, while DeepSeek, despite its high-profile launch at the beginning of the year, accounts for just 1%. Coding Market Share Claude quickly became the developer’s top choice for code generation, capturing 42% market share, more than double OpenAI’s (21%). In just one year, Claude helped transform a single-product space (GitHub Copilot) into a $1.9 billion ecosystem. The release of Claude Sonnet 3.5 in June 2024 demonstrated how breakthroughs at the model layer can move application markets, making possible entirely new categories like AI IDEs (Cursor, Windsurf), app builders (Lovable, Bolt,...
Read more

Ilya Sutskever Declares the Scaling Era Dead. His $3 Billion Bet Says Research Will Win.

Image
Ilya Sutskever helped prove that scale works in AI. Now he says it doesn't—and his $3 billion company is betting the future belongs to researchers with ideas, not labs with the biggest GPU clusters. The industry isn't ready for this argument. Ilya Sutskever thinks everyone is doing AI wrong. Not just slightly wrong. Fundamentally, paradigmatically wrong. In a recent interview with Dwarkesh Patel, the co-founder of Safe Superintelligence (SSI) and former OpenAI chief scientist laid out a thesis that should unsettle every frontier lab executive currently signing billion-dollar compute contracts. The age of scaling, he argues, has ended. What comes next requires something the industry has largely abandoned: actual research. "We got to the point where we are in a world where there are more companies than ideas," Sutskever observed. "By quite a bit." The statement lands differently coming from him. This is the researcher who co-authored AlexNet, helped b...
Read more

How Small Language Models Are Key to Scalable Agentic AI

Image
The rapid rise of agentic AI has reshaped how enterprises, developers, and entire industries think about automation and digital productivity. From software development workflows to enterprise process orchestration, AI agents are increasingly helping to power enterprises’ core operations, especially in areas that have previously been deemed plagued by repetitive tasks.  Most of these agents depend heavily on large language models (LLMs). LLMs are often recognized for their general reasoning, fluency, and capacity to support open-ended dialogue. But when they’re embedded inside agents, they may not always be the most efficient or economical choice. In our recent position paper, we outline our observations about the role small language models (SLMs) play in agentic AI. Titled Small Language Models are the Future of Agentic AI , we highlight the growing opportunities for integrating SLMs in place of LLMs in agentic applications, decreasing costs, and increasi...
Read more