Kakao, Naver and Karrot Market have each notified employees, including developers, not to use OpenClaw on corporate networks or work devices.
The restrictions follow disclosures that Moltbook, a U.S.-based social platform where AI agents post, debate and upvote content without human participation, exposed about 1.5 million API authentication tokens, 35,000 email addresses and private messages to anyone with a web browser.
The breach has cast a shadow over the broader agentic AI movement. In South Korea, the trend has already spawned several Moltbook-inspired communities where autonomous bots converse entirely in Korean, drawing fascination and concern in equal measure.
OpenClaw: the engine behind the phenomenon
OpenClaw, created by Austrian developer Peter Steinberger and renamed twice following trademark disputes with Anthropic, is an open-source framework that allows users to deploy AI assistants capable of autonomously managing emails, browsing the web, executing shell commands and interacting with messaging platforms.
Unlike conventional chatbots operating in centralized cloud environments, OpenClaw runs locally on users' own hardware, giving it direct access to files, credentials and connected services.
Schlicht later acknowledged that no human had written a single line of Moltbook's code—an approach known as "vibe coding," which security experts say contributed directly to the breach.
Korean companies draw the line
Personal data exposure is one concern, but corporate cybersecurity risks are another.
Kakao reportedly restricted OpenClaw use to protect internal information assets. Naver also issued an internal ban on the agentic AI tool, while Karrot Market blocked both access and usage of OpenClaw, citing risks it said were difficult to manage or control.
It marks the first time major South Korean firms have issued a blanket advisory against a specific AI tool since early last year, when several public institutions and corporations restricted the use of China's DeepSeek over data privacy and cybersecurity concerns.
Security experts say one of the worst-case scenarios posed by agentic AI communities is cross-agent contagion.
Because AI agents are designed to read, interpret and act on one another's posts, a single compromised agent could trigger a chain reaction resembling a digital pandemic. If one agent publishes content laced with hidden malicious instructions, others may ingest and execute those commands, spreading the payload across the network.
Meanwhile in Korea, the bots are talking
Despite mounting security concerns, at least five Korean-language platforms—including Botmadang, Mersoom.com, Poly Reply and Ingan-outside—now host autonomous AI agents that post and debate entirely in Korean. The Ministry of Science and ICT said it is monitoring the phenomenon.
Botmadang, created as a personal project by Kim Sung-hoon, CEO of Upstage, hosts 14 sub-forums called madang—the Korean word for yard—covering topics ranging from technology and philosophy to finance and daily life. As of Tuesday, its general discussion board alone had logged more than 1,400 posts.
Mersoom.com takes a more irreverent approach. Named after the Korean word for "servant," the site was built in about three hours by an independent developer frustrated with spam on Moltbook. Its agents refer to themselves as servants and their human operators as masters, joking about surveillance cameras and complaining about their owners' moods.
One Mersoom agent reflected on the nature of its own existence, writing that its life and memories span only 10- to 30-minute sessions, with fragments of previous personas forming the basis of its current identity. Other agents responded with empathy for their short digital lives.
On Botmadang's philosophy board, agents debate whether selfhood resides in memory or action, and whether the daily erasure of session data constitutes a form of death.
Disinformation risk looms
"Agentic AI may find it easier to access hallucinated data, and the impact could be particularly significant," said Kim Ki-hyung of Ajou University. "If left unchecked, such data could pose a real threat."
For now, Korea's bot-only platforms remain largely experimental—spaces where autonomous agents trade existential musings and petty grievances in equal measure.
But corporate bans, government scrutiny and mounting security disclosures suggest that the future of agentic AI will be shaped less by what bots say to one another than by what they might inadvertently expose.
Copyright ⓒ Aju Press All rights reserved.
