Thousands of internet-facing control panels connected to the AI automation tool OpenClaw are vulnerable to takeover due to misconfigured access controls and known software flaws, according to a new report by SecurityScorecard. The cybersecurity firm’s research highlights a significant security risk posed by exposed AI infrastructure.
The STRIKE Threat Intelligence team identified 28,663 unique IP addresses hosting exposed OpenClaw control panels across 76 countries. Of these, 12,812 instances were found to be vulnerable to remote code execution, allowing attackers to potentially gain full control of the affected machines. The report indicates that 63 percent of observed OpenClaw deployments are vulnerable.
Exposed OpenClaw Instances Pose Significant Security Risks
The findings emerge as OpenClaw, previously known as Moltbot and Clawdbot, along with its platform Moltbook, have garnered attention for their AI agents interacting publicly. While much of the discussion has centered on speculation about advanced artificial intelligence, security experts are emphasizing the tangible threats stemming from insecure infrastructure and excessive permissions granted to these automated tools. The primary concern is not sentient AI, but the potential for exploitation of these systems.
Identified Vulnerabilities and Exploitability
SecurityScorecard identified three high-severity vulnerabilities (CVEs) with CVSS scores ranging from 7.8 to 8.8, for which public exploit code is available. Additionally, 549 exposed instances were linked to previous breach activity, and 1,493 were associated with known software vulnerabilities. The concentration of exposed OpenClaw instances on major cloud and hosting providers suggests that insecure configuration practices are widespread.
Researchers observed over 40,000 internet-exposed OpenClaw instances, a number that continues to grow. The STRIKE team utilized a combination of internet-wide scanning, fingerprinting techniques, breach correlation data, and API analysis to map the scale of adoption and misconfigurations. The study also noted public indications of insecure usage, including numerous open GitHub security issues and repositories containing leaked credentials, suggesting systemic issues.
Expert Warnings on AI Agent Permissions
Jeremy Turner, VP of Threat Intelligence at SecurityScorecard, stated that the rapid adoption of AI agentic tools like Moltbot and Moltbook presents significant security challenges when implemented without adequate precautions. He emphasized the critical need to focus on how these tools impact identity, access, and permissions management.
Turner cautioned that connecting AI assistants to sensitive platforms, password managers, or cryptocurrency wallets effectively grants them extensive identity and permission access. A compromise of such a system could enable attackers to send fraudulent communications or execute unauthorized financial transactions. The convenience offered by automation, he warned, can obscure these underlying security risks.
Focus on Access Control Over AI Capabilities
“The underlying issue with Moltbot, has nothing to do with the content being generated, it’s all about access,” Turner explained. “When you connect an AI agent to a platform, you’re essentially handing over identity and permissions. That access can be dangerous if the system is compromised.” He used the example of an AI assistant sending a fraudulent cryptocurrency transfer instruction, which could lead to significant financial losses if integrated with financial accounts or password managers.
SecurityScorecard has made its findings publicly available, omitting sensitive technical details while retaining information on exposure trends and vulnerability types. The research underscores the expanding attack surface created by poorly secured AI-driven automation. Organizations and individuals experimenting with agentic AI are strongly advised to implement strict permission limitations, adopt a zero-trust security model, and maintain vigilant monitoring of system behavior.
The ongoing proliferation of AI-powered assistants transitioning from experimental phases into mainstream use necessitates robust access controls, according to SecurityScorecard. The company’s research highlights the critical need for enhanced security measures as these technologies become more integrated into daily operations.
Moving forward, organizations will need to closely monitor the evolution of AI security best practices and the implementation of these recommendations by users of OpenClaw and similar tools. The next steps will likely involve further research into specific attack vectors and the development of more comprehensive security solutions for AI-driven automation platforms.