OpenClaw Exposes the Real Cybersecurity Risks of Agentic AI

Staff Editor 2026-04-17
OpenClaw Exposes the Real Cybersecurity Risks of Agentic AI

OpenClaw Exposes the Real Cybersecurity Risks of Agentic AI

https://www.infosecurity-magazine.com/opinions/openclaw-exposes-real-security/

Publish Date: 2026-04-17 10:30:00

Source Domain: www.infosecurity-magazine.com

One of today’s hot topics in infosec is Agentic AI.  For senior leaders it looks like magic – reduce your headcount, be more efficient and move more quickly.  But does the hype match the reality.  And do business leaders understand the security risks?

Agentic AI typically involves one AI system orchestrating multiple other tools or agents to execute a chain of tasks. In more advanced deployments, agents operate autonomously, selecting which tools to use and how to complete an objective without human intervention. While this architecture can drive efficiency, it also introduces a fragmented and dynamic attack surface.   And in some organizations a loss of control.

Without effective governance, visibility and control, risks can escalate rapidly. Until recently, these risks were largely theoretical; however, the OpenClaw investigation shows how quickly those concerns can become real.  And how quickly regulators can get involved too.

The OpenClaw Exposure

OpenClaw was built in late 2025 as a “weekend project” by its author, Peter Steinberger, and quickly gained traction. Steinberger said that his GitHub repository attracted around 2 million visitors in a single week, with many developers incorporating the code into their Agentic AI infrastructure.

However, on 9 February 2026, a report identified significant vulnerabilities. Researchers discovered more than 42,000 unique IP addresses hosting exposed OpenClaw control panels across 82 countries, many with full system access.

The report identified almost 50,000 instances where devices appeared vulnerable to remote code execution (RCE). In practical terms, this could allow an attacker to exploit the OpenClaw gateway to take control of the affected system.

OpenClaw deployments were heavily concentrated across major cloud and hosting providers. Depending on configuration, these vulnerabilities could also allow threat actors to access connected third-party services, including email, calendars, chat…

Source

More Stories

Accelerating cloud-powered cybersecurity learning with IBM Cyber Campus and AWS

Accelerating cloud-powered cybersecurity learning with IBM Cyber Campus and AWS

Staff Editor 2026-06-07
DentaQuest Breach: ShinyHunters Publish Data Impacting 2.6M People

DentaQuest Breach: ShinyHunters Publish Data Impacting 2.6M People

Staff Editor 2026-06-07
Security Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION

Staff Editor 2026-06-07

Terms and Conditions - Privacy Policy