• Home
  • cyber
  • OpenClaw: Researchers Find 40,000+ Exposed OpenClaw Instances
cyber Vulnerability

OpenClaw: Researchers Find 40,000+ Exposed OpenClaw Instances

Feb 9, 2026 2 min read
OpenClaw: Researchers Find 40,000+ Exposed OpenClaw Instances

Thousands of OpenClaw AI Assistants Exposed Online, Raising Security Risks

SecurityScorecard has identified 40,214 publicly exposed instances of OpenClaw, a widely used AI assistant tool (formerly known as Clawdbot and Moltbot), linked to 28,663 unique IP addresses. The misconfigured deployments leave systems vulnerable to unauthorized access, with 63% of instances found to be exploitable including 12,812 at risk of remote code execution (RCE), which could allow full host machine takeover.

The firm has already detected 549 exposed instances tied to prior breach activity and 1,493 with known vulnerabilities, including three high-severity CVEs with publicly available exploit code. Threat actors could leverage these flaws to compromise sensitive systems, particularly in industries like information services, technology, manufacturing, and telecommunications, with the highest concentrations of exposures in China, the U.S., and Singapore.

Beyond RCE, OpenClaw instances face indirect prompt injection risks, where attackers embed malicious instructions in messages or hidden website text, tricking the AI into executing unintended actions. Additionally, some users have inadvertently leaked API keys via control panels, further expanding the attack surface.

SecurityScorecard warns that the centralized access of these AI agents amplifies risk, mirroring long-standing security challenges with cloud tools and shadow IT. The findings underscore the need for stricter access controls and vigilance in AI deployment.

Source: https://www.infosecurity-magazine.com/news/researchers-40000-exposed-openclaw/

OpenClaw cybersecurity rating report: https://www.rankiteo.com/company/openclawai

"id": "OPE1770630718",
"linkid": "openclawai",
"type": "Vulnerability",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': ['Information Services',
                                     'Technology',
                                     'Manufacturing',
                                     'Telecommunications'],
                        'location': ['China', 'U.S.', 'Singapore'],
                        'type': 'AI Assistant Tool'}],
 'attack_vector': ['Publicly Exposed Instances',
                   'Remote Code Execution (RCE)',
                   'Indirect Prompt Injection',
                   'Leaked API Keys'],
 'data_breach': {'sensitivity_of_data': 'High (potential for full host machine '
                                        'takeover)',
                 'type_of_data_compromised': ['API Keys',
                                              'Sensitive System Access']},
 'description': 'SecurityScorecard identified 40,214 publicly exposed '
                'instances of OpenClaw, a widely used AI assistant tool, '
                'linked to 28,663 unique IP addresses. The misconfigured '
                'deployments leave systems vulnerable to unauthorized access, '
                'with 63% of instances found to be exploitable, including '
                '12,812 at risk of remote code execution (RCE). Threat actors '
                'could leverage these flaws to compromise sensitive systems, '
                'particularly in industries like information services, '
                'technology, manufacturing, and telecommunications. The '
                'highest concentrations of exposures are in China, the U.S., '
                'and Singapore. The incident also highlights indirect prompt '
                'injection risks and leaked API keys via control panels.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'security risks',
            'operational_impact': 'Potential unauthorized access and host '
                                  'machine takeover',
            'systems_affected': '40,214 exposed instances of OpenClaw AI '
                                'assistants'},
 'lessons_learned': 'The incident underscores the need for stricter access '
                    'controls and vigilance in AI deployment, particularly '
                    'regarding misconfigurations and shadow IT risks.',
 'post_incident_analysis': {'corrective_actions': ['Stricter access controls',
                                                   'Vulnerability patching',
                                                   'Enhanced monitoring'],
                            'root_causes': ['Misconfigured deployments',
                                            'Publicly exposed instances',
                                            'Lack of access controls']},
 'recommendations': ['Implement stricter access controls for AI tools',
                     'Monitor and secure publicly exposed instances',
                     'Address misconfigurations and vulnerabilities promptly',
                     'Educate users on risks of indirect prompt injection and '
                     'API key leaks'],
 'references': [{'source': 'SecurityScorecard'}],
 'title': 'Thousands of OpenClaw AI Assistants Exposed Online, Raising '
          'Security Risks',
 'type': ['Misconfiguration',
          'Exposure of Sensitive Information',
          'Vulnerability Exploitation'],
 'vulnerability_exploited': ['CVE (3 high-severity with publicly available '
                             'exploit code)',
                             'Misconfigured Deployments']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.