Agents
OpenClaw Security Crisis Scale: 42,000+ Internet-Exposed Deployments Identified, Many Without Authentication
Multiple independent scanning teams have identified over 42,000 internet-exposed OpenClaw deployments, the majority running without authentication with access tokens appearing in query parameters and shared global context exposing secrets across users. The scale compounds the ClawHavoc supply chain attack (1,184 malicious skills) and the no-click data exfiltration vulnerability — creating a three-vector threat: poisoned skills supply chain, SSRF-via-link-preview exfiltration, and unauthenticated remote control interfaces. Bitdefender published a technical advisory specifically for enterprise network defenders on OpenClaw exploitation in corporate environments.
↳ Follow the thread