Open-source agentic AI assistant Moltbot has gone viral for running autonomously 24/7 from within messaging apps like Telegram or WhatsApp, proactively taking actions and updating users when tasks are completed.

Moltbot runs locally and can connect deeply to a user’s digital life, enabling persistent, action-oriented automation rather than one-off chat interactions. The project was previously named Clawdbot and was renamed after Anthropic raised trademark concerns.

Viral demonstrations range from negotiating and purchasing high-value items to placing phone calls via voice AI after a booking flow failed, showcasing how far consumer-grade agents have progressed in real-world task execution.

However, the same autonomy creates a sharp safety tradeoff. Security researchers warn that full system access expands the blast radius of failures, including prompt injection attacks, exposed credentials, data leakage, and broader system compromise if guardrails and permissions are not configured correctly.

Why it matters: Moltbot is a live example of where agentic AI is heading — persistent, autonomous, and capable of real actions. But as “full access” agents spread, security and governance will become the limiting factor, not capability.