135k OpenClaw AI agents exposed to internet

Recent findings reveal that over 135,000 OpenClaw AI agents are exposed to the internet due to misconfigurations, significantly increasing the risk of takeover. This alarming trend highlights a failure in access and identity management, as the rapid deployment of these agents outpaces essential security measures. Security researchers from SecurityScorecard have noted that many of these instances are linked to previously compromised infrastructure, raising concerns about the potential for remote code execution vulnerabilities and other high-risk flaws.

The default network behavior of OpenClaw, which binds agents to the public internet, exacerbates the situation, making them prime targets for attackers. Despite available patches for known vulnerabilities, thousands of deployments remain unaddressed, leaving critical systems vulnerable. As OpenClaw continues to expand its footprint, the need for improved developer tooling, API security, and robust integrations becomes increasingly urgent to mitigate risks associated with AI automation and agent workflows.