A new report out today from security rating firm SecurityScorecard Inc. warns that widespread vulnerabilities in OpenClaw deployments have left tens of thousands of internet-facing instances exposed to takeover through misconfigured access controls and known exploits.

OpenClaw, formerly known as Clawdbot and Moltbot, is an agentic artificial intelligence framework designed to run continuously and act on behalf of users. The software allows AI agents to execute commands, interact with external services, integrate with messaging platforms and operate with broad system-level permissions. It has become increasingly popular among developers, enterprises and individual users experimenting with autonomous assistants capable of performing real-world tasks rather than simply generating responses.

While OpenClaw may be rapidly growing in popularity, according to SecurityScorecard’s STRIKE Threat Intelligence team, that growing adoption has been accompanied by systemic security weaknesses.

The STRIKE researchers identified 28,663 unique IP addresses hosting exposed OpenClaw control panels across 76 countries using live internet-wide reconnaissance. Of those, 12,812 instances were flagged as vulnerable to remote code execution, with 63% of observed deployments classified as exploitable.

The researchers also found that 549 exposed instances correlated with prior breach activity, indicating that some affected environments had already been compromised.

The report highlights that many OpenClaw deployments are exposed by unsafe defaults and poor deployment hygiene. Out of the box, OpenClaw binds its control interface to all network interfaces, making it accessible from the public internet unless explicitly restricted.

A large proportion of exposed instances were also found to be running outdated versions of the software, despite patches being available for several high-severity vulnerabilities. Only a minority of exposed systems were running the latest release of OpenClaw.

Many of the exposed installations were found to have three high-severity Common Vulnerabilities and Exposures, all with publicly available exploit code and scores ranging from 7.8 to 8.8. Exploitation of the vulnerabilities could allow attackers to take full control of the host system and inherit everything the AI agent is permitted to access, such as application programming interface keys, OAuth tokens, SSH credentials, browser sessions and connected messaging accounts.

Added to the mix is that because OpenClaw agents are designed to act with legitimate authority, malicious activity can appear normal and, as a consequence, delay detection and increase potential impact.

OpenClaw instances were also found to be heavily concentrated within major cloud and hosting providers, suggesting insecure deployment patterns are being reused at scale. During the research period, the number of identified internet-facing instances continued to grow, ultimately exceeding 40,000 exposed deployments.

The report concludes that OpenClaw is not an isolated case but a leading indicator of a broader security challenge facing agentic AI.

SecurityScorecard warns that as organizations increasingly deploy AI systems with the ability to act autonomously, traditional security failures such as exposed management interfaces, weak authentication and unsafe defaults are being amplified by automation. That’s creating high-value targets for attackers rather than productivity gains.

Image: SiliconANGLE/Ideogram