It’s a day with a name ending in Y, so you know what that means: Another OpenClaw cybersecurity disaster.
This time around, SecurityScorecard’s STRIKE threat intelligence team is sounding the alarm over the sheer volume of internet-exposed OpenClaw instances it discovered, which numbers more than 135,000 as of this writing. When combined with previously known vulnerabilities in the vibe-coded AI assistant platform and links to prior breaches, STRIKE warns that there’s a systemic security failure in the open-source AI agent space.
“Our findings reveal a massive access and identity problem created by poorly secured automation at scale,” the STRIKE team wrote in a report released Monday. “Convenience-driven deployment, default settings, and weak access controls have turned powerful AI agents into high-value targets for attackers.”
This excerpt is the most astonishing to me:
STRIKE also mentioned 12,812 OpenClaw instances it discovered being vulnerable to an established and already patched remote code execution bug. As of this writing, the number of RCE-vulnerable instances has jumped to more than 50,000. The number of instances detected that were linked to previously reported breaches (not necessarily related) has also skyrocketed from 549 to over 53,000, as has the number of internet-facing OpenClaw instances associated with known threat actor IPs.
You’re telling me there’s a patch for an RCE, and the number of affected instances has not only not gone down, it has in fact increased 100x?
sun_is_ra@sh.itjust.works 1 day ago
Would be great if the article starts with: “What even is open claw?”
A picture of a cooked lobster is not helping
stefenauris@pawb.social 1 day ago
I didn’t know either and so others don’t have to look it up either:
tonytins@pawb.social 1 day ago
It went through a lot of rebranding as well. You might have heard of Clawdbot or Moltbot. All the same thing.
XLE@piefed.social 1 day ago
It’s a metaphor for the cooked humans that are spinning up super exploitable chatbots for it