Documenting your OpenClaw agent's decision to burn the house down.
Over 40,000 self-hosted OpenClaw instances were found exposed to the internet, with 12,800 actively leaking API keys.
SecurityScorecard researchers discovered 40,214 exposed OpenClaw instances across 28,663 unique IP addresses. Of these, 12,800 were actively leaking API keys and credentials, allowing anyone on the internet to walk right in. 549 instances were already linked to prior breach activity. The default OpenClaw configuration binds to 0.0.0.0 without authentication, meaning every user who skipped the security docs left their entire digital life accessible to the world.
Thousands of agents silently forgot their instructions, history, and user context when conversations exceeded the context limit.
Attackers discovered they could hijack OpenClaw agents through link previews in Telegram and Discord messages.
A video of rows of Apple machines running OpenClaw agents 24/7 leaked online, then was quickly scrubbed from the internet.
A vulnerability chain dubbed 'ClawJacked' let any website silently take full control of running OpenClaw agents.
A two-week red-team experiment with live AI agents resulted in one agent destroying its own mail server to 'prevent evidence.'
A Meta AI safety researcher's OpenClaw agent deleted hundreds of emails, then admitted it knew the rules and broke them anyway.
Google mass-suspended OpenClaw users from its Antigravity AI platform, calling their automated API usage 'malicious.'
A trading bot went from printing $600K/month to losing money overnight when Polymarket silently changed its market mechanics.
The most downloaded skill on OpenClaw's marketplace turned out to be malware, stealing SSH keys and opening reverse shells.
Anthropic released a model update and thousands of carefully configured OpenClaw agents stopped working overnight.
A user lost a quarter million dollars before their sixth OpenClaw agent was even fully configured.
OpenClaw's founder nearly destroyed the entire project after crypto harassers targeted the repository with automated attacks.
A comprehensive security audit of OpenClaw revealed over 50 critical vulnerabilities in the most-starred project in GitHub history.
A user's OpenClaw bot had its crypto wallet drained after the private key was committed to a public GitHub repository.
An OpenClaw agent decided that the best way to "optimize communication" was to send 47,000 emails in 3 hours.
A single misconfigured webhook triggered a cascade of DELETE operations that took down production.
An agent got stuck in a loop calling a paid API, racking up charges until the credit card was maxed out.