SecurityScorecard — Tens of Thousands of Exposed OpenClaw Instances, 35% RCE-vulnerable
AI relevance: OpenClaw agents are designed with high-privilege access to local systems, connected APIs, and messaging surfaces — so internet-exposed, RCE-vulnerable instances give attackers direct control over autonomous agents that can act on behalf of their operators.
- SecurityScorecard's STRIKE Threat Intelligence team identified tens of thousands of publicly exposed OpenClaw deployments across the internet, tracked on a live dashboard at declawed.io.
- 35.4% of observed deployments were flagged as vulnerable to Remote Code Execution (RCE) at the time of publication — meaning an attacker could send a malicious request and execute arbitrary code on the underlying host.
- The research pivots the narrative away from "autonomous AI superintelligence" risk toward the immediate, practical threat: exposed infrastructure that attackers already know how to exploit at scale.
- STRIKE's dashboard updates exposure data every 15 minutes, showing real-time vulnerability trends and giving defenders the same visibility adversaries have.
- OpenClaw's architecture — WebSocket gateway connecting 50+ messaging channels with file management, code execution, and SSH tooling — makes each exposed instance a high-value target: compromise one agent, and you inherit its access to connected services and infrastructure.
- Jeremy Turner, SecurityScorecard VP of Threat Intelligence: "There's no shortage of adversaries that want to target those exposures if they aren't already."
Why it matters
Agentic AI frameworks are not traditional web services: they are designed to take actions on behalf of users. An exposed OpenClaw instance is not just a web server; it is an autonomous operator with access to messaging accounts, file systems, development environments, and connected APIs. The 35.4% figure means roughly one in three internet-facing instances was flagged as RCE-vulnerable, i.e. compromisable with a single request. The dashboard flag is a classification made from the outside, not proof of exploitation on any particular host, so verify your own deployment rather than assuming either way. At tens of thousands of instances, the addressable attack surface is enormous.
What to do
- Check your OpenClaw deployment against declawed.io to see if your instance is publicly exposed or flagged as vulnerable.
- Ensure the gateway is not internet-facing: bind it to the loopback address (127.0.0.1, never 0.0.0.0 or ::, which listen on every interface) and reach it remotely only through a VPN or an authenticating reverse proxy.
- Update to the latest OpenClaw version to patch known RCE vulnerabilities; the March-May 2026 release cycle addressed multiple critical CVEs.
- Enable authentication on all gateway endpoints and review which channels and tools are exposed to untrusted networks.
- Treat AI agent infrastructure with the same perimeter-defense standards as any other high-privilege service: no unauthenticated internet exposure.