Zeldeen Muller, CEO of inSite Connect, creator of AgendaWorx.com
Artificial intelligence is everywhere, and it’s changing how people work and communicate. But one tool in particular – OpenClaw (formerly Clawdbot and Moltbot) – deserves your immediate attention.
Developed by Peter Steinberger, OpenClaw is a free, open-source autonomous AI agent. It runs on large language models and uses messaging platforms like WhatsApp and email as its main interface. Members love it because it automates tasks, summarises chats, and boosts productivity. With over 600,000 downloads, 150,000 GitHub stars, and more than 300,000 users in just two months, it’s spreading fast.
The problem?
It runs on the member's own computer (Mac, Windows, Linux) and connects to messaging apps and other services on that member's behalf through integrations such as webhooks. If a member installs it on their device and your fund sends secure WhatsApp updates – pension balances, investment performance, withdrawal details – the agent can read those messages as they arrive. End-to-end encryption does not help here: it protects a message while it travels between devices, but the agent sits on the receiving device, connected to the member's own account, and sees each message after it has been decrypted there.
Worse still, OpenClaw has powerful browser automation. It runs locally and can control browsers: navigate sites, fill forms, click buttons, extract data. If members have saved passwords in Google Chrome's password manager (or similar), and they've granted OpenClaw access to that browser profile, the AI can use those credentials to log in automatically. It also inherits any session that is already open in that profile, so no login prompt is needed at all. Either way, it could quietly access secure retirement fund member portals and pull sensitive information.
Security experts have flagged serious vulnerabilities:
- Tens of thousands of instances have been found exposed to the internet with no password protection on their control interface. Anyone who finds such an instance can issue instructions to the agent directly, and through it reach whatever accounts, messages and files the agent has been connected to.
- Malicious “skills” (extensions) published on marketplaces like ClawHub steal browser passwords, API keys, and even crypto wallets. One audit counted 341 such skills, typically disguised as useful tools whose setup instructions tell the user to run a command that installs the malware.
- In some setups (especially a Mac with iMessage/SMS syncing, or a configured Android phone) it can also read SMS, making it another way to intercept sensitive member communications.
- Prompt injection: instructions hidden in untrusted content the agent reads (a web page, an email, a message) can steer it into actions the user never asked for, such as sending data it has access to elsewhere, without the user noticing.
For retirement funds, this is a nightmare under POPIA or similar regulations. Members could unwittingly hand over account numbers, beneficiary details, or tax info to an AI that stores it, processes it insecurely, or sends it to whichever model provider the agent is configured to use.
Forbes did a great article on OpenClaw.
Steps you might need to consider:
- Trustees, review your communication strategies now. Educate members: explain these AI risks plainly so they can make informed choices about what they install. Warn members not to give consumer AI tools broad access to browsers, saved passwords, WhatsApp or SMS, especially on devices used for sensitive logins, and to stick to official, secure portals without third-party agents overlaying them. Members who do use OpenClaw should isolate it strictly: no financial logins, no access to the browser profile that holds them, and read-only permissions wherever possible, so that accidental or malicious interference cannot reach fund accounts.
- Service providers, review your MFA (multi-factor authentication) strategies now. An agent that reads a member's WhatsApp, SMS and email on the device can read the one-time passcodes delivered there, so SMS and email OTPs add little protection on such a device. Should you move in time to factors that are not delivered over a channel the agent can read? Authenticator apps are a step up; phishing-resistant options such as FIDO2 security keys or passkeys are better still.
In an age where AI promises help but delivers hidden dangers, we can’t stay silent.
Is it time we start communicating the risks of AI to members as part of retirement fund communication to keep members safe?
It might be – before one member’s “helpful” tool turns into your fund’s biggest headache.
ENDS
Ed’s note: Watch EBnet’s Exec Meet & Greet with Zeldeen Muller, CEO of inSite Connect here.