TL;DR

SecurityScorecard has identified 40,214 exposed OpenClaw instances on the public internet, spanning 28,663 unique IP addresses. Some 63% of deployments were found to be vulnerable, with 12,812 exploitable through remote code execution. The findings highlight the security risks of deploying AI agent frameworks without proper access controls.

Scale of Exposure

The research found that 549 of the exposed instances could be correlated with prior breach activity, while 1,493 were associated with known vulnerabilities. Three high-severity CVEs with publicly available exploit code affect the exposed deployments, making them straightforward targets for attackers with even modest technical capability.

China accounts for the largest share of exposed instances, followed by the United States and Singapore. The information services industry was the most heavily impacted sector, though exposures were found across a range of industries.

Multiple Attack Vectors

The risks go beyond simple unauthorised access. SecurityScorecard identified three primary attack vectors affecting exposed OpenClaw deployments: remote code execution, indirect prompt injection, and API key leakage.

Remote code execution is the most immediately dangerous, allowing attackers to run arbitrary commands on the host system. Indirect prompt injection — where malicious instructions are embedded in data that the AI agent processes — presents a subtler threat, potentially causing the agent to take unintended actions. API key leakage can expose credentials for connected services, extending the blast radius of a compromise well beyond the OpenClaw instance itself.

SecurityScorecard VP Jeremy Turner warned against “blindly using these tools on personal systems,” noting that many deployments appear to have been set up without basic security hardening.

Looking Forward

The findings underscore a recurring pattern in emerging technology: rapid adoption outpacing security practices. SecurityScorecard recommends limiting access aggressively, adopting zero-trust architectures, monitoring agent logic for anomalous behaviour, and maintaining awareness of prompt injection risks. As AI agent frameworks like OpenClaw see wider deployment, the gap between ease of setup and secure configuration remains a significant concern for organisations and individuals alike.