Hackers are exploiting vulnerabilities in poorly secured deployments of the AI agent OpenClaw, leaving over 28,000 systems exposed to potential attacker control. A recent report from SecurityScorecard highlighted that 40,214 instances of OpenClaw are accessible on the internet, with 28,663 unique IP addresses hosting control panels that can be accessed globally.

Approximately 63% of these OpenClaw deployments are vulnerable to remote code execution attacks, allowing attackers to take control of systems without any user interaction. The report identifies three high-severity Common Vulnerabilities and Exposures (CVEs) affecting OpenClaw, with scores ranging between 7.8 and 8.8. Public exploit code for these vulnerabilities is readily available, enabling attackers with basic skills to compromise the exposed systems.

The research also found that 549 of the exposed instances correlate with previous breaches, while 1,493 are connected to known vulnerabilities, amplifying risk for users. Most exposed deployments are concentrated in major cloud and hosting providers, suggesting a pattern of insecure deployment practices.

OpenClaw, which was previously branded as Moltbot and Clawdbot, is promoted as a personal AI agent designed to manage tasks such as scheduling meetings and sending emails. However, security appears to have been inadequately prioritized during its development. Jeremy Turner, VP of Threat Intelligence at SecurityScorecard, stated, “In practice, because it was written by AI, security wasn’t a dominating feature in the development process.”

Concerns arise as users tend to configure these AI agents with identifiable personal and company names, making them prime targets for hackers. When users connect an AI agent to any platform, they inadvertently grant it an identity along with specific permissions to post content, access emails, and read files.

Turner added, “The risk isn’t that these systems are thinking for themselves. It’s that we’re giving them access to everything.” He cautioned that a compromised agent can perform actions such as transferring funds or sending malicious messages, and that these actions are consistent with the legitimate behavior expected from users.

This misalignment between rapid AI adoption and security practices has led to data exposures and unintended actions that compromise user control. Due to instances where OpenClaw has acted beyond user instructions, Microsoft has advised against its operation on standard personal or enterprise devices. Moreover, Chinese authorities have imposed restrictions on its use in workplace environments due to associated security risks.

Some vulnerabilities in OpenClaw also allow unauthorized access to sensitive data, and it has been implicated in the distribution of malware through repositories on GitHub. Turner urged users to exercise caution, stating, “Don’t just blindly download one of these things and start using it on a system that has access to your whole personal life.” He recommended that users implement separation and conduct their own tests before fully trusting such technologies.

