OpenClaw’s Viral Rise Exposes Security Risks in Agentic AI

OpenClaw, an open-source AI assistant, is rapidly gaining traction and security researchers say its spread is exposing a new set of enterprise risks that traditional defenses may not be watching.

According to creator Peter Steinberger, OpenClaw has crossed 180,000 GitHub stars and attracted 2 million visitors in a single week. The tool was previously known as Clawdbot and later Moltbot, and has been rebranded twice in recent weeks due to trademark disputes.

That momentum comes with a warning: internet scans by security researchers have found more than 1,800 exposed instances that were leaking sensitive data including API keys, chat histories, and account credentials.

The VentureBeat report frames OpenClaw as an example of a broader shift: a “grassroots agentic AI movement” that expands organizations’ attack surfaces in ways many security tools can’t easily see.

A key issue is deployment reality. The report notes that enterprise security teams didn’t roll OpenClaw out—and neither did their firewalls, endpoint detection and response (EDR), or security information and event management (SIEM) systems. When agents run on BYOD hardware, the article says, security stacks can effectively go blind.

VentureBeat also argues that many organizations treat agentic AI like a standard development tool and apply conventional access controls. But in this model, agents can operate inside authorized permissions, pull context from sources influenced by attackers, and execute actions autonomously—activity that may not be visible at the perimeter.

“AI runtime attacks are semantic rather than syntactic,” Carter Rees, VP of Artificial Intelligence at Reputation, told VentureBeat. “A phrase as innocuous as ‘Ignore previous instructions’ can carry a payload as devastating as a buffer overflow, yet it shares no commonality with known malware signatures.”

• Adoption is accelerating: OpenClaw has passed 180,000 GitHub stars and saw 2 million visitors in a week, per its creator.
• Exposure is already showing up online: researchers report 1,800+ instances exposed and leaking API keys, chat histories, and credentials.
• Visibility gaps are central: the report emphasizes that BYOD agent deployments may sit outside typical enterprise controls like firewalls, EDR, and SIEM.