OpenClaw’s Security Struggles: Why the Popular AI Assistant Remains a Hacker’s Dream
OpenClaw — once known as Clawdbot and Moltbot — has become one of the most talked‑about AI assistants in 2026. On February 14, its developer Peter Steinberger announced a move to OpenAI, with OpenClaw transitioning into the OpenClaw Foundation under OpenAI’s financial and technical support.
But while its utility for professionals is undeniable, its security record remains troubling. Cisco Talos summed it up best: “Groundbreaking for users, an absolute nightmare for defenders.”
Recent Security Fixes
OpenClaw has made strides in patching vulnerabilities:
- CVE‑2026‑25157 fixed in version 2026.1.25 (Jan 25).
- CVE‑2026‑25253 (one‑click RCE) patched in 2026.1.29 (Jan 29), though incomplete.
- CVE‑2026‑24763 (Docker sandbox bypass) fixed in 2026.1.30.
- CVE‑2026‑25593 and CVE‑2026‑25475 also resolved in 2026.1.30.
As of version 2026.2.17, there are no known unfixed CVEs. Yet, older versions remain widely deployed, leaving thousands of users exposed.
Ongoing Risks
- Legacy Deployments: Anything older than 2026.1.30 is still exploitable.
- Misconfigurations: Many users fail to harden deployments, leaving “doors unlocked.”
- Supply Chain Attack – ClawHavoc: Malicious skills in ClawHub tricked users into installing infostealers that stole API keys, granting attackers full control.
- Public Exposure: Censys identified 21,639 exposed instances of OpenClaw on the internet as of January 31.
Defensive Innovation: SecureClaw
Alex Polyakov of Adversa AI launched SecureClaw, the first open‑source security tool purpose‑built for OpenClaw.
- Runs 55 automated audit/hardening checks.
- Maps protections to OWASP Agentic Security Initiative, MITRE ATLAS, and CoSAI Agentic AI Security.
- Functions as both a plugin and behavioral skill, teaching OpenClaw to recognize attacks.
- Covers incidents like CVE‑2026‑25253, ClawHavoc IoCs, Moltbook‑style exposures, and credential harvesting.
Polyakov admits SecureClaw doesn’t “solve” prompt injection — but it makes exploitation significantly harder through layered defenses.
Conclusion
OpenClaw is too valuable to abandon, but too insecure to ignore. With OpenAI’s backing, the OpenClaw Foundation has a chance to enforce stronger defaults, vet marketplace plugins, and integrate tools like SecureClaw.
Until then, the reality is stark: OpenClaw continues to commit mass carnage on the internet, and too few users are listening.
Follow Us On – X.com, Telegram, LinkedIN, Discord Server,
For The Latest Updates, Vulnerability Insights, Security News, Cyberattack Scoops And Cybersecurity Best Practices Delivered Straight To Your Inbox – Subscribe To Our Newsletter
