Ten thousand OpenClaw AI agents turned out to be vulnerable to hacking due to incorrect settings.

Cyber Threats in AI Agent Systems: SecurityScorecard Report on the OpenClaw Platform

Research Object
The agent platform for artificial intelligence *OpenClaw* (formerly Clawbot, Moltbot)
Key Findings
Ten thousand systems are vulnerable to remote code execution due to automatic deployment and defective access settings
Data Volume
28 663 unique IP addresses in 76 countries; 12 812 exploitable; 549 already compromised

1. What is OpenClaw?
OpenClaw is an “agent” AI that runs continuously and executes commands on behalf of a user. It can:

* connect to external services;
* integrate with messengers;
* use system access privileges.

The platform is rapidly gaining popularity among developers and companies that want to test autonomous assistants in real tasks.

2. Why is it used so widely?
* Automatic deployment: many organizations install OpenClaw “out of the box” without manual configuration.
* Accessible control panels: by default, the panel binds to all network interfaces, making it exposed on the internet.

3. How many systems are at risk?
Criteria
Number of IP addresses with OpenClaw panels 28 663
Vulnerable instances (RCE) 12 812
Exploitable deployments 63 % of 12 812
Already compromised systems 549

> Trend – the number of open instances grew and ultimately exceeded 40 000.

4. What specifically makes them vulnerable?
1. Default settings
* The control panel is accessible from the internet without restrictions.
2. Outdated software versions
* Most systems run on old releases, even though patches are available for critical bugs.
3. Weak authentication
* Many instances use open interfaces and insecure default values.

5. Possible attack consequences
* Full control over the host system;
* Access to API keys, OAuth tokens, SSH keys, browser sessions, and messenger account records;
* Attackers can mask malicious activity as normal agent operation.

6. Why is this important?
OpenClaw is just one example of AI agent systems that are growing worldwide.
SecurityScorecard notes that:
* Automation amplifies traditional weaknesses: open interfaces, poor authentication, and defective default settings.
* This makes such systems “easy” targets for attacks;
* The question of whether the productivity gains from autonomy are justified becomes acute.

Conclusion
Secure deployment of AI agents requires stricter configuration and continuous updates.
OpenClaw’s problems are an indicator of a widespread threat faced by all AI agent systems.