Researchers Find 40,000+ Exposed OpenClaw Instances
This article summarizes SecurityScorecard reporting about publicly exposed OpenClaw instances and the security risk created by widespread misconfiguration.
Date
Feb 9, 2026
First Seen
Feb 9, 2026
Last Reviewed
Mar 11, 2026
Publisher
Infosecurity Magazine
Source Type
article
Related reading
OpenClaw Security GuideA practical baseline for local binding, scoped credentials, sandboxing, runtime checks, and Armorer Guard.
Securing OpenClaw with Armorer GuardHow Armorer wraps OpenClaw with managed setup, Docker hardening, health checks, approvals, and Guard-backed scanning.
Source Summary
What It Contains
This article summarizes SecurityScorecard reporting about publicly exposed OpenClaw instances and the security risk created by widespread misconfiguration.
Extracted Claims
- More than 40,000 OpenClaw instances were reported exposed online.
- A substantial subset was described as vulnerable or exploitable.
- The exposure issue is framed as operational misconfiguration at scale rather than a niche case.
Evidence Quality
Secondary reporting that cites primary SecurityScorecard research. Useful, but the primary report should still be added later if directly available.
Follow-Up
- Replace or supplement with the primary SecurityScorecard report when retrievable.