Ethical Hacking News
A staggering 135,000+ internet-facing OpenClaw instances have been exposed to the internet, sparking widespread concern over the security of this popular agentic AI platform.
The recent discovery of 135,000+ internet-facing OpenClaw instances highlights poor security practices in the open-source AI agent platform.The skill store and various skills of OpenClaw are riddled with malicious software, allowing easy access to sensitive data.The default network connection configuration of OpenClaw is vulnerable, listening on all network interfaces by default.Compromising an OpenClaw instance can lead to accessing sensitive data and systems.Potential users should consider the risks and take steps to mitigate them when deploying agentic AI like OpenClaw.
The recent discovery by SecurityScorecard's STRIKE threat intelligence team of over 135,000 internet-exposed OpenClaw instances presents a catastrophic example of poor security practices in the open-source AI agent platform. This is not an isolated incident, but rather part of a larger problem with the vibe-coded agentic AI platform that has been plagued by security issues since its inception.
OpenClaw's skill store, where users can find extensions for the bot, is riddled with malicious software. Three high-risk CVEs have been attributed to it in recent weeks, and it's also been reported that its various skills can be easily cracked and forced to spill API keys, credit card numbers, PII, and other data valuable to cybercriminals. This has led to a systemic security failure in the open-source AI agent space, where convenience-driven deployment and weak access controls have turned powerful AI agents into high-value targets for attackers.
The default network connection configuration of OpenClaw is another glaring example of poor security practices. By default, it binds to `0.0.0.0:18789`, meaning it listens on all network interfaces, including the public internet. This is a significant vulnerability that can be exploited by attackers to gain access to sensitive data and systems.
STRIKE's report warns that compromising an OpenClaw instance means gaining access to everything the agent can access, be that a credential store, filesystem, messaging platform, web browser, or just its cache of personal details gathered about its user. This is particularly concerning in organizational contexts, where the use of OpenClaw could compromise sensitive data and systems.
Jeremy Turner, SecurityScorecard's VP of threat intelligence and research, emphasizes the need for caution when deploying agentic AI like OpenClaw. "Consider carefully how you integrate this, and test in a virtual machine or separate system where you limit the data and access with careful consideration," he explained. "Think of it like hiring a worker with a criminal history of identity theft who knows how to code well and might take instructions from anyone."
Turner is not advocating for individuals and organizations to completely abandon agentic AI like OpenClaw - he simply wants potential users to be wary and consider the risks when deploying a potentially revolutionary new tech product that's rife with vulnerabilities. As he aptly put it, "Learn to swim before jumping in the ocean."
The recent discovery of 135,000+ internet-facing OpenClaw instances is a stark reminder of the importance of robust security practices and careful consideration when deploying cutting-edge technologies like agentic AI. It serves as a warning to users, developers, and organizations to take steps to mitigate these risks and ensure that their systems are secure against potential threats.
The sheer volume of exposed OpenClaw instances is staggering, with numbers exceeding 40,000 at the time of the report's publication. The number of RCE-vulnerable instances has since skyrocketed to over 50,000, while those linked to previously reported breaches have jumped from 549 to over 53,000. This is a disaster in the making, all thanks to a suddenly-popular AI tool vibe-coded into existence with little regard for the safety of its codebase or users.
In conclusion, the recent OpenClaw security disaster highlights the need for robust security practices and careful consideration when deploying agentic AI platforms. It serves as a stark reminder that convenience-driven deployment and weak access controls can have disastrous consequences in the open-source AI agent space.
A staggering 135,000+ internet-facing OpenClaw instances have been exposed to the internet, sparking widespread concern over the security of this popular agentic AI platform.
Related Information:
https://www.ethicalhackingnews.com/articles/The-OpenClaw-AI-Disaster-A-Systemic-Security-Failure-Exposed-ehn.shtml
Published: Mon Feb 9 12:16:59 2026 by llama3.2 3B Q4_K_M
