Moltbot (formerly Clawdbot) exploded almost overnight. This open-source AI agent promises full autonomy: managing email, calendars, files, APIs, and even running shell commands, often controlled through WhatsApp or Telegram. Tens of thousands of GitHub stars later, it’s being pitched as the next leap in “hands-off productivity.” But here’s the short, uncomfortable reality 👇 This isn’t just a Moltbot problem. It’s an agentic AI problem. - Every input becomes an attack vector.Emails, calendar invites, documents, chats—anything the agent can read is effectively a prompt. You don’t need access to the agent to influence its behavior. - Real access, minimal guardrails.File read/write, command execution, API tokens, posting privileges. One malicious or injected task can lead to data exfiltration, account abuse, or worse. - Attribution breaks completely.If something goes wrong, was it you, the agent, a bug, or a poisoned skill? From a legal, compliance, or incident-response standpoint, that’s a mess. - Costs can spiral silently. One bad loop = millions of tokens burned. Agentic systems don’t have natural spending ceilings unless you enforce them. - Open source ≠ safe by default.Most deployments lack isolation, audits, monitoring, or proper OPSEC. Production-level access operated with hobby-level security. Bottom line: AI agents aren’t assistants yet. They’re junior operators with broad access and zero common sense. Until we have proper sandboxing, per-action authorization, hard spend caps, and verifiable audit trails, running tools like this on personal or business systems is closer to live-fire testing than productivity. So where do you draw the line? Read-only agents? Local-only? Or full autonomy?

What’s your favorite OSINT tool that not many people think about? I’ll go first. 📱 Snapchat Here’s a recent simple but effective example: In my first case of 2026 as an OSINT detective, I investigated a suspected infidelity case. I was provided with the phone number of the alleged cheater. I saved the number in my phone contacts. Not long after, I received a notification: “Someone from your contacts is on Snapchat.” That account turned out to be a hidden Snapchat profile, unknown to the spouse who hired me. The profile was linked to the phone number and became a key data point in my investigation. From there, I used other OSINT tools to anonymously view and archive the profile and its content, so it could be properly documented and included as evidence in my report. Last week, they broke up 🥀. Why this works, even for adults: - Many people created Snapchat accounts years ago - Phone numbers often remain linked long after active use stops - “I don’t use Snapchat” ≠ “I don’t have Snapchat” No messages sent. No interaction. No alert to the other party. 📌 OSINT lesson: Platforms remember longer than people do. Understanding how everyday apps sync contacts and combining that with proper archiving and documentation—is often what turns a signal into evidence. Now your turn 👇 What’s an OSINT tool or platform you use that doesn’t get talked about enough?

Apologies for the delay on the courses. I’ve been a bit busy dealing with the government and that felt like the perfect moment to share this tool with you. You can use it as a citizen aswel as professionally or as a journalist. Tool: 🦅 Freedom of Information Act (FOIA) 🇺🇸 / 🧀 Wet open overheid (Woo) 🇳🇱. When you need answers from authorities, opinions don’t help, only facts and documents do. Like Alonzo said: “It’s not what you know, it’s what you can prove.” FOIA (🇺🇸) and the Woo (🇳🇱) are legal tools that allow you to request official government documents, such as: - Internal emails and correspondence - Policy notes and memos - Decisions, reports, and contracts - Timelines showing who knew what, and when This isn’t hacking. This isn’t leaking. This is using the rules of the system. Why I’m sharing this If you work with: - OSINT - compliance & due diligence - journalism or research - legal or policy work Then the government isn’t just an authority, it’s a data source. And when courses talk about “open sources”, this is one of the most underused but powerful ones. Courses are resuming shortly. In the meantime: consider this a field-tested tool drop.

For FREE FaceSeek lets you upload a face and find out on what websites that same person (or a very similar looking person) appears across the internet. Why it’s powerful: • Finds reused profile pics on fake accounts 👤 • Connects aliases and usernames across platforms 🔗 • Helps verify if someone is who they claim to be 🕵️ • Goes beyond reverse image search, it matches faces, not pixels 🗿 Facial Recognition is perhaps one of the most controversial tools for digital investigations. Used responsibly. FaceSeek: facial recognition Pimeyes: facial recognition for OSINT professionals Follow the Images 101 course in the classroom if you haven’t yet and visit https://www.cultrodistro.com/tools/images for more tools to use when you’re investigating an image

If you’re using AI for research or OSINT, relying on a single model is a blind spot. Different LLMs surface different answers, sources, and biases. LM Arena makes comparison easy by letting you chat with multiple LLMs side-by-side in one place. Why this is useful - No account juggling: You don’t need to create ten different accounts to test ten models. You can use LM Arena for free without an account, or create one account and try all available models. - Find the right fit: Test different LLMs and see which one suits your needs best (analysis-heavy, creative, concise, source-forward, etc.). - Cross-validation: Ask the same question to multiple models and spot inconsistencies fast. - Bias awareness: See where models agree, diverge, or confidently make things up. How to use it responsibly (OSINT mindset) 1. Treat AI output as leads, not conclusions. 2. Open any cited links outside the AI interface. 3. Reproduce the result manually (dorks, site search, archives). 4. Log queries, URLs, and timestamps. 5. If you can’t reproduce it → label it unverified. LM Arena doesn’t replace methodology — it removes friction. AI speeds things up, but OSINT still depends on traceability, reproducibility, and provenance. Explore: https://lmarena.ai/