OpenClaw Vulnerabilities Expose 245,000 AI Agent Servers

Four critical vulnerabilities in OpenClaw, an open-source autonomous agent framework, expose approximately 245,000 publicly accessible server instances to remote exploitation, credential theft, and backdoor installation. Originally launched as Clawdbot, OpenClaw connects large language models to filesystems and SaaS applications, making it a high-value target for attackers seeking lateral movement and data exfiltration.

The discovered flaws enable severe policy bypasses and API credential leaks. Specifically, vulnerable npm package versions prior to 2026.4.20 contain moderate-severity issues that allow remote attackers to execute arbitrary commands or steal authentication tokens. The OpenClaw maintainers have since released security updates addressing these vulnerabilities.

The rapid adoption of AI agent frameworks without hardened defaults creates a lucrative attack surface. Security researchers note that attackers can leverage agent-level access to move laterally across environments and exfiltrate sensitive data. Organizations running OpenClaw instances are urged to upgrade to the latest version immediately and audit their exposure, as many deployments remain unpatched and publicly accessible on the internet.