Customers love OpenClaw; attackers do, too
OpenClaw (previously Clawdbot and Moltbot) is a free, open-source, autonomous AI agent that launched on January 29 and virtually instantly went viral. In line with its developer, Peter Steinberger, its repo had greater than 2 million guests over the course of a single week, and it’s estimated that it has been downloaded 720,000 occasions every week.
OpenClaw runs regionally on a consumer’s {hardware} somewhat than within the cloud, and may carry out autonomous, real-world actions on their behalf, comparable to studying emails, searching internet pages, operating apps, or managing calendars.
Nevertheless, virtually instantly after launch, it raised severe safety points: It’s vulnerable to immediate injection assaults, authentication bypasses, and server-side request forgery (SSRF), amongst different assaults. Many enterprises have responded by severely limiting, or outright banning, the AI agent.
