Last month I checked out the hype surrounding Moltbot, AKA Clawdbot, AKA OpenClaw (third time's the charm?). I spent a lot of time highlighting the potential security risks of using the hot new polymath AI. And now it looks like Summer Yue, director of safety and alignment at Meta Superintelligence, has gotten a personal taste of those potential risks.
According to Yue, she was watching the AI bot "speedrun" deleting her inbox, and she couldn't stop it from her phone:
Nothing humbles you like telling your OpenClaw “confirm before acting” and watching it speedrun deleting your inbox. I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb. pic.twitter.com/XAxyRwPJ5RFebruary 23, 2026
"Nothing humbles you like telling your OpenClaw "confirm before acting" and watching it speedrun deleting your inbox. I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb."
Now, far be it from me to judge a silly mistake as somewhat of a connoisseur of such matters myself, but it's not exactly the kind of mistake you want a director of AI safety making. One X user commented as much, asking if she made a rookie mistake, and Yue responded:
"Rookie mistake tbh. Turns out alignment researchers aren't immune to misalignment. Got overconfident because this workflow had been working on my toy inbox for weeks. Real inboxes hit different."
What is especially confusing about this is that, apparently, if you say "stop", the AI bot should abort whatever it's doing:
@summeryue0 if you had just said “stop” it aborts whatever it’s doing. Say “stop” multiple times if there’s multiple tasks queued. pic.twitter.com/8csgbBxaS1February 23, 2026
Yue's screenshots of her chat with OpenClaw show her attempting some commands to get it to stop, my favourite of which being the initial "do not do that," a command it seems OpenClaw blissfully steamrolled right on through. She did try some variations of a "stop" command, but not the word on its own.
Of course, there's always the possibility none of this is real at all. It does seem a little strange that there wasn't an attempt at a simple "stop" command on its own; I feel like that would be the very first thing I'd try. But hey, we never know how we'll react in the moment when we're panicking, I suppose.
When I looked into it back in January, I concluded that the number of potential security issues meant it was not worth trying out ClawdBot. I can't say this has made me any keener. But I suppose I'm not one of the "solopreneurs" and similar types who might really stand to benefit. If you do give it a try, just make sure to remember that "stop" command.
