Introduction to OpenClaw Exploitation
Multiple hacking groups have targeted OpenClaw, a widely adopted open-source autonomous AI framework. Previously known as MoltBot and ClawdBot, OpenClaw has become a critical target due to its architecture, which offers significant system access and memory integration capabilities. These features have made it appealing for credential theft and data breaches since its viral adoption in late January 2026.
The framework’s vulnerabilities were quickly exploited, with threat actors taking advantage of several high-risk flaws within 72 hours of its widespread usage.
Vulnerabilities and Exploitation Tactics
OpenClaw’s architecture presents several vulnerabilities, including a high-risk Remote Code Execution flaw identified as CVE-2026-25253. Threat actors have utilized these flaws, alongside supply chain poisoning and exposed administrative interfaces, to harvest credentials.
Analysts from Flare have reported over 30,000 OpenClaw instances being compromised. These instances were used to steal API keys, intercept communications, and spread malware through platforms like Telegram.
The ClawHavoc Campaign
One of the most significant campaigns exploiting OpenClaw, known as “ClawHavoc”, was identified on January 29, 2026. This campaign involved the mass deployment of malware, disguising malicious payloads as legitimate crypto tools for unsuspecting users. These tools included Atomic Stealer for macOS and keyloggers for Windows, which facilitated comprehensive system compromises.
By February, another campaign emerged, leveraging the OpenClaw community marketplace’s open publishing model to distribute backdoored skills. This allowed attackers to exfiltrate sensitive data such as OAuth tokens and API keys.
Implications and the Path Forward
A Shodan scan on February 18, 2026, revealed over 312,000 OpenClaw instances operating on a default port, many without authentication and exposed to the internet. This situation has been exacerbated by the rapid adaptation of organized threat groups, which have weaponized the OpenClaw ecosystem.
The incidents surrounding OpenClaw highlight the urgent need for security-by-design approaches in future AI frameworks. As OpenAI integrates OpenClaw’s development, there is a pressing demand for robust cybersecurity measures to protect autonomous AI agents.
Flare has advised companies utilizing autonomous assistants to secure API credentials and isolate AI workloads to mitigate these risks. Stay updated with the latest cybersecurity news by following us on Google News, LinkedIn, and X.
