Customers love OpenClaw; attackers do, too
OpenClaw (previously Clawdbot and Moltbot) is a free, open-source, autonomous AI agent that launched on January 29 and nearly instantly went viral. Based on its developer, Peter Steinberger, its repo had greater than 2 million guests over the course of a single week, and it’s estimated that it has been downloaded 720,000 instances per week.
OpenClaw runs regionally on a consumer’s {hardware} slightly than within the cloud, and might carry out autonomous, real-world actions on their behalf, akin to studying emails, looking internet pages, operating apps, or managing calendars.
Nonetheless, nearly instantly after launch, it raised critical security points: It’s vulnerable to immediate injection assaults, authentication bypasses, and server-side request forgery (SSRF), amongst different assaults. Many enterprises have responded by severely proscribing, or outright banning, the AI agent.
