Newsletter Issue #12
I Built My Own AI Agent This Week. Here's What I Learned (The Hard Way).
A practical guide to deploying Moltbot securely—from someone who almost exposed his server to the entire internet.
Hey everyone, Ruben here.
I'm going to do something different this week. Instead of curating the usual AI security news, I want to share a personal project that consumed my last few days, and taught me more about AI agent security than any research paper ever could.
If you've been anywhere near tech Twitter or Hacker News lately, you've probably seen the buzz around Moltbot (formerly Clawdbot before Anthropic asked them to rebrand). It's an open-source, self-hosted AI assistant that's been going absolutely viral - 30K+ GitHub stars, TechCrunch coverage, DigitalOcean and Cloudflare jumping in with one-click deployments.
The promise is intoxicating: your own personal AI agent that can read your emails, browse the web, execute shell commands, manage files, work on your behalf (24/7), and automate your entire digital life. Running on YOUR infrastructure, not some big tech company's servers.
The reality? It's also a security nightmare waiting to happen if you don't know what you're doing.
I know this because I almost became a cautionary tale myself.
