Large numbers of OpenClaw instances were reported exposed to the public internet
A February 2026 report summarized SecurityScorecard research describing more than 40,000 publicly exposed OpenClaw instances and a large subset considered vulnerable or exploitable through remote-code-execution paths.
Date
Feb 9, 2026
First Seen
Feb 9, 2026
Last Reviewed
Mar 11, 2026
Publisher
Infosecurity Magazine
Source Type
article
Related reading
OpenClaw Security GuideA practical baseline for local binding, scoped credentials, sandboxing, runtime checks, and Armorer Guard.
Securing OpenClaw with Armorer GuardHow Armorer wraps OpenClaw with managed setup, Docker hardening, health checks, approvals, and Guard-backed scanning.
Mass Exposed OpenClaw Instances
Summary
A February 2026 report summarized SecurityScorecard research describing more than 40,000 publicly exposed OpenClaw instances and a large subset considered vulnerable or exploitable through remote-code-execution paths.
Why It Matters
This is not a single-victim case. It points to repeatable deployment mistakes at scale, which means attackers can find exposed OpenClaw systems opportunistically rather than needing a bespoke target.
Attack Path
- Operators deploy OpenClaw with public reachability or unsafe binding assumptions.
- Instances remain exposed without adequate auth or hardening.
- Attackers enumerate internet-facing nodes and exploit reachable control surfaces or known weaknesses.
Affected Surface
- internet-facing OpenClaw deployments
- weak or absent control-plane access restrictions
- instances with known vulnerable components or exposed management paths
Evidence
Mitigations
- Keep gateways local-only by default.
- Require token auth and approval gates for privileged actions.
- Scan for exposed OpenClaw instances in your own environment.
- Audit externally reachable instances for known vulnerable versions and weak access controls.
Open Questions
- Add the primary SecurityScorecard report if a stable directly accessible URL becomes available.