💰Stalecollected in 2h

270K OpenClaw 'Lobsters' Running Exposed

270K OpenClaw 'Lobsters' Running Exposed
PostLinkedIn
💰Read original on 钛媒体

💡Mass OpenClaw exposures expose open-source AI security flaws—check your deploys now.

⚡ 30-Second TL;DR

What Changed

270K OpenClaw instances publicly exposed

Why It Matters

Highlights deployment risks in open-source AI hype, urging secure practices for widespread model use.

What To Do Next

Audit OpenClaw instances for public exposure using tools like Shodan.

Who should care:Developers & AI Engineers

🧠 Deep Insight

Web-grounded analysis with 8 cited sources.

🔑 Enhanced Key Takeaways

  • OpenClaw, previously known as Clawdbot and Moltbot, is an open-source AI agent framework for local autonomous assistants connecting LLMs to tools, browsers, and system resources.[1][2][4]
  • Multiple high-severity vulnerabilities identified, including ClawJacked (CVE-2026-25253) enabling RCE and data theft via brute-force on localhost, patched in version 2026.2.26 on February 26.[3][4][6]
  • Attackers exploited exposures through GitHub fake installers delivering Vidar/Atomic Stealer malware and poisoned marketplace skills, leading to crypto wallet and credential theft.[3]
  • Exposed instances correlated with breach activity (549 cases) and vulnerabilities (1493 cases); 63% vulnerable, with concentrations in China, US, Singapore, and industries like information services.[1][2][5]

🛠️ Technical Deep Dive

  • OpenClaw runs locally on TCP port 18789 with web browser interface; documentation recommends SSH tunnels, but default lacks authentication, WebSocket origin checks, and login rate limiting.[2][6]
  • ClawJacked flaw (CVE-2026-25253, CVSS 8.8) allowed malicious sites to brute-force passwords at hundreds/second due to no localhost rate limiting, auto-register as trusted device, granting admin control.[4][6]
  • Additional CVEs include CVE-2026-26319, CVE-2026-26322, CVE-2026-26329; total audit found 512 vulnerabilities, 8 critical, plus risks like indirect prompt injection and leaked API keys.[1][5][6]

🔮 Future ImplicationsAI analysis grounded in cited sources

OpenClaw deployments will decline 50% by mid-2026 due to persistent RCE exploits
Multiple unpatched instances remain exposed and attackers continue using fake installers and marketplace poisoning despite rapid patches, eroding trust in rapid AI agent adoption.[3][6]
Enterprises will mandate AI agent security audits before deployment
Correlations of exposures with breaches and 63% vulnerability rate across 220K+ instances highlight systemic risks, prompting IT oversight as seen in post-incident recommendations.[1][5]
Local AI frameworks will standardize SSH-only remote access by Q3 2026
Default insecure exposures stem from direct internet deployments ignoring documentation, driving industry shifts to hardened configurations after OpenClaw's scale demonstrated risks.[2]

Timeline

2026-01
OpenClaw goes viral, gaining 25,000 GitHub stars in one day as fastest-growing open-source project.
2026-01-27
Censys identifies 21,639 exposed instances; Bitsight observes 30,000+ in early analysis window.
2026-01-29
First RCE/command injection flaws disclosed and patched in version 2026.1.29 within 24 hours.
2026-02-09
SecurityScorecard reports 40,214+ exposed instances, 42.9K unique IPs, 15.2K RCE-vulnerable.
2026-02-26
ClawJacked (CVE-2026-25253) disclosed by Oasis Security, patched same day in version 2026.2.26.
2026-03
Counts escalate to 135K-270K+ exposed instances amid ongoing hype and security reports.
📰

Weekly AI Recap

Read this week's curated digest of top AI events →

👉Related Updates

AI-curated news aggregator. All content rights belong to original publishers.
Original source: 钛媒体