SecurityScorecard: 135,000 plus internet-exposed OpenClaw instances found

by

A report by SecurityScorecard said its STRIKE team found more than 135,000 internet-exposed OpenClaw instances worldwide as of Monday.

KEY FACTS

  • Scope 135,000 plus internet-facing OpenClaw instances
  • RCE exposure more than 50,000 instances vulnerable to a known remote code execution bug
  • Linked breaches over 53,000 instances associated with previously reported breaches
  • Default binding OpenClaw listens by default on 0.0.0.0:18789

OpenClaw is an open-source, agentic AI platform whose skill store has contained malicious extensions and which has been assigned several high-risk CVEs in recent weeks.

Counts of internet-exposed instances increased sharply after the initial publication, rising from about 40,000 to more than 135,000 at the time of this story. Instances vulnerable to an established and patched RCE bug rose to over 50,000 in the same interval.

The platform binds to 0.0.0.0:18789 by default, which makes it listen on all network interfaces including the public internet. Compromise of an instance can expose credential stores, filesystems, messaging platforms, browser data, and cached personal information accessible to the agent.

Immediate mitigations include changing the network binding to 127.0.0.1 to restrict access to localhost, limiting agent permissions, testing deployments in isolated virtual machines, and applying available patches for disclosed vulnerabilities.

WHY IT MATTERS

Large numbers of exposed, vulnerable agent instances increase the risk of credential theft, data loss, and lateral movement into networks. Administrators should restrict access and apply patches before wider deployment.