Back to List
Industry NewsAISecurityOpen Source

OpenClaw Security Risks Soar: Thousands of Corporate Deployments Expose Critical Vulnerabilities and Sensitive Data, Raising Alarm for Security Leaders

OpenClaw, an open-source AI agent, has seen a rapid surge in deployments, escalating from 1,000 to over 21,000 publicly exposed instances in less than a week. This widespread adoption includes corporate environments, where employees are installing OpenClaw on company machines, granting autonomous agents extensive privileges like shell access, file system access, and OAuth tokens for services such as Slack, Gmail, and SharePoint. Critical vulnerabilities have been identified, including CVE-2026-25253, a CVSS 8.8 remote code execution flaw, and CVE-2026-25157, a command injection vulnerability. A security analysis of ClawHub marketplace skills revealed that 7.1% contain critical security flaws exposing plaintext credentials, with a Bitdefender audit finding 17% of skills exhibited malicious behavior. Furthermore, Moltbook, an AI agent social network built on OpenClaw, exposed 1.5 million API authentication tokens, 35,000 email addresses, and private messages with plaintext OpenAI API keys due to a misconfigured Supabase database. This rapid proliferation and inherent security risks present a significant challenge for security leaders seeking controlled evaluation paths.

VentureBeat

The open-source AI agent, OpenClaw, is experiencing a rapid and concerning increase in adoption, with Censys tracking its publicly exposed deployments from approximately 1,000 to over 21,000 in under a week. This surge is particularly alarming within business environments, as confirmed by Bitdefender’s GravityZone telemetry. Employees are deploying OpenClaw on corporate machines using simple install commands, inadvertently granting these autonomous agents significant privileges, including shell access, file system access, and OAuth tokens for critical corporate applications like Slack, Gmail, and SharePoint.

Several critical security vulnerabilities have been identified within OpenClaw and its ecosystem. CVE-2026-25253, a one-click remote code execution flaw rated CVSS 8.8, allows attackers to steal authentication tokens via a single malicious link, potentially leading to full gateway compromise in milliseconds. Another vulnerability, CVE-2026-25157, is a command injection flaw that permits arbitrary command execution through the macOS SSH handler. A comprehensive security analysis of 3,984 skills available on the ClawHub marketplace revealed that 283, or approximately 7.1% of the entire registry, contain critical security flaws that expose sensitive credentials in plaintext. A separate audit conducted by Bitdefender further indicated that roughly 17% of the skills analyzed exhibited outright malicious behavior.

The exposure of credentials extends beyond OpenClaw itself. Researchers at Wiz discovered that Moltbook, an AI agent social network built upon OpenClaw infrastructure, had its entire Supabase database publicly accessible without Row Level Security enabled. This significant breach exposed 1.5 million API authentication tokens, 35,000 email addresses, and private messages exchanged between agents, which contained plaintext OpenAI API keys. A single misconfiguration granted anyone with a web browser full read and write access to every agent credential on the platform.

The rapid proliferation of such AI agents is undeniable, with OpenAI’s Codex app achieving 1 million downloads in its first week. Meta has also been observed testing OpenClaw integration within its AI platform codebase. This rapid adoption, coupled with the severe security vulnerabilities and widespread credential exposure, presents a dilemma for security leaders. While setup guides suggest acquiring hardware like a Mac Mini for evaluation, security advisories caution against interacting with these agents, leaving security professionals without a controlled pathway for secure evaluation.

Related News

Meituan Unveils LongCat-2.0: The First Trillion-Parameter Model Trained on a 50,000-Card Domestic Computing Cluster
Industry News

Meituan Unveils LongCat-2.0: The First Trillion-Parameter Model Trained on a 50,000-Card Domestic Computing Cluster

Meituan's technology team has officially released LongCat-2.0, a landmark trillion-parameter model that marks a significant achievement in domestic AI infrastructure. As the industry's first model of its scale to complete full-process training and inference on a 50,000-card domestic computing cluster, LongCat-2.0 features 1.6 trillion total parameters with an average activation of 48 billion. The model is pre-trained from scratch and natively supports a 1-million-token long context window. Specifically optimized for "Agentic Coding," LongCat-2.0 is designed to provide high efficiency and stability in complex code understanding, generation, and execution tasks. This release highlights the growing capability of domestic hardware to support massive-scale AI development and specialized coding agents.

Meituan AI Research Milestone: 32 Papers Accepted at Top 2026 Global Conferences Including ACL Outstanding Paper
Industry News

Meituan AI Research Milestone: 32 Papers Accepted at Top 2026 Global Conferences Including ACL Outstanding Paper

Meituan's technical team has achieved a significant academic milestone in 2026, with 32 research papers accepted across the world's most prestigious artificial intelligence conferences, including ACL, SIGIR, ICML, and KDD. A standout achievement in this cohort is the receipt of an 'Outstanding Paper' award at ACL 2026, signaling the high quality of Meituan's contributions to computational linguistics. To share these technical insights with the broader community, Meituan organized five specialized live broadcast sessions focusing on the core findings of these 32 papers. This accomplishment underscores Meituan's growing influence in the global AI research landscape and its commitment to advancing fields such as machine learning, information retrieval, and data mining.

Meituan Technical Team Presents Selected Academic Research at ICML 2026 International Machine Learning Conference
Industry News

Meituan Technical Team Presents Selected Academic Research at ICML 2026 International Machine Learning Conference

The Meituan Technical Team has announced its participation in ICML 2026, one of the most influential international academic conferences in the field of machine learning. The conference serves as a premier platform for discussing the future challenges and core issues facing the industry. By selecting and evaluating research that demonstrates significant theoretical value and practical impact, ICML aims to drive the evolution of machine learning and establish future research trajectories. Meituan's involvement highlights its commitment to high-level academic contributions and the advancement of cutting-edge technology. This selection of papers underscores the team's focus on bridging the gap between complex theoretical frameworks and real-world applications, ensuring that their research remains at the forefront of global machine learning developments.