💰钛媒体•Stalecollected in 2h
270K OpenClaw 'Lobsters' Running Exposed

💡Mass OpenClaw exposures expose open-source AI security flaws—check your deploys now.
⚡ 30-Second TL;DR
What Changed
270K OpenClaw instances publicly exposed
Why It Matters
Highlights deployment risks in open-source AI hype, urging secure practices for widespread model use.
What To Do Next
Audit OpenClaw instances for public exposure using tools like Shodan.
Who should care:Developers & AI Engineers
🧠 Deep Insight
Web-grounded analysis with 8 cited sources.
🔑 Enhanced Key Takeaways
- •OpenClaw, previously known as Clawdbot and Moltbot, is an open-source AI agent framework for local autonomous assistants connecting LLMs to tools, browsers, and system resources.[1][2][4]
- •Multiple high-severity vulnerabilities identified, including ClawJacked (CVE-2026-25253) enabling RCE and data theft via brute-force on localhost, patched in version 2026.2.26 on February 26.[3][4][6]
- •Attackers exploited exposures through GitHub fake installers delivering Vidar/Atomic Stealer malware and poisoned marketplace skills, leading to crypto wallet and credential theft.[3]
- •Exposed instances correlated with breach activity (549 cases) and vulnerabilities (1493 cases); 63% vulnerable, with concentrations in China, US, Singapore, and industries like information services.[1][2][5]
🛠️ Technical Deep Dive
- •OpenClaw runs locally on TCP port 18789 with web browser interface; documentation recommends SSH tunnels, but default lacks authentication, WebSocket origin checks, and login rate limiting.[2][6]
- •ClawJacked flaw (CVE-2026-25253, CVSS 8.8) allowed malicious sites to brute-force passwords at hundreds/second due to no localhost rate limiting, auto-register as trusted device, granting admin control.[4][6]
- •Additional CVEs include CVE-2026-26319, CVE-2026-26322, CVE-2026-26329; total audit found 512 vulnerabilities, 8 critical, plus risks like indirect prompt injection and leaked API keys.[1][5][6]
🔮 Future ImplicationsAI analysis grounded in cited sources
OpenClaw deployments will decline 50% by mid-2026 due to persistent RCE exploits
Enterprises will mandate AI agent security audits before deployment
Local AI frameworks will standardize SSH-only remote access by Q3 2026
Default insecure exposures stem from direct internet deployments ignoring documentation, driving industry shifts to hardened configurations after OpenClaw's scale demonstrated risks.[2]
⏳ Timeline
2026-01
OpenClaw goes viral, gaining 25,000 GitHub stars in one day as fastest-growing open-source project.
2026-01-27
Censys identifies 21,639 exposed instances; Bitsight observes 30,000+ in early analysis window.
2026-01-29
First RCE/command injection flaws disclosed and patched in version 2026.1.29 within 24 hours.
2026-02-09
SecurityScorecard reports 40,214+ exposed instances, 42.9K unique IPs, 15.2K RCE-vulnerable.
2026-02-26
ClawJacked (CVE-2026-25253) disclosed by Oasis Security, patched same day in version 2026.2.26.
2026-03
Counts escalate to 135K-270K+ exposed instances amid ongoing hype and security reports.
📎 Sources (8)
Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.
- infosecurity-magazine.com — Researchers 40000 Exposed Openclaw
- cyberpress.org — Over 21000 Openclaw AI Instances Found Exposing Personal Configuration Data
- ainvest.com — Openclaw 30 000 Exposed Instances Flow Stolen Keys Crypto Wallets 2603
- securityaffairs.com — Clawjacked Flaw Exposed Openclaw Users to Data Theft
- penligent.ai — Over 220000 Openclaw Instances Exposed to the Internet Why Agent Runtimes Go Naked at Scale
- adminbyrequest.com — Openclaw Went From Viral AI Agent to Security Crisis in Just Three Weeks
- pub.towardsai.net — Openclaw Was the Future of AI Then Big Tech Banned It Broke It and Bought It F950d37cbdaf
- esecurityplanet.com — Openclaws Rapid Rise Exposes Thousands of AI Agents to the Public Internet
📰
Weekly AI Recap
Read this week's curated digest of top AI events →
👉Related Updates
AI-curated news aggregator. All content rights belong to original publishers.
Original source: 钛媒体 ↗



