TechRadar: Agents Granting Dangerous Access
- TechRadar reported that rising AI-agent adoption is exposing critical systems, with dangerous permissions sometimes granting attackers broad access.
- The piece highlights cases where agent permissions enabled attackers to control thousands of systems via over-privileged connectors.
- The article warns that careless permission design for workplace agents creates severe security risks for enterprise deployments (techradar.com).

Security researchers say OpenClaw AI agents exposed control panels on the public internet, allowing attackers to take over more than 28,000 systems. (techradar.com) SecurityScorecard’s STRIKE team reported tens of thousands of exposed OpenClaw instances and flagged 35.4% of observed deployments as vulnerable to remote code execution. (securityscorecard.com) MITRE’s ATLAS investigation mapped multiple OpenClaw attack chains and documented exposed control interfaces that let researchers harvest credentials and achieve root execution in containers. (mitre.org)

OpenClaw runs locally with a gateway that executes shell commands, reads files, and can connect to messaging apps and cloud APIs, a design Cisco analysts called a “security nightmare.” (blogs.cisco.com)

Researchers and vendors documented supply-chain abuse and infostealers: Bastion reported 135,000+ exposed instances, 12,812 exploitable via a tracked RCE (CVE-2026-25253), and more than 1,100 malicious skills in the ClawHub marketplace. (bastion.tech) (alice.io) Oasis Security disclosed a “ClawJacked” website-to-local gateway chain and said OpenClaw’s developers classified the flaw as High severity and shipped a fix in under 24 hours (update to 2026.2.25). (oasis.security)

Regulators and national authorities raised alarms: the Dutch data protection authority warned that AI agents like OpenClaw pose “major risks” of data breaches and account takeover, and vendors urged organizations to inventory agents and lock down credentials. (autoriteitpersoonsgegevens.nl) (bitdefender.com) Security teams and researchers say immediate steps include patching vulnerable OpenClaw versions, auditing agent permissions and gateway tokens, and removing internet-accessible control panels to prevent further credential theft. (securityscorecard.com)