The viral open-source personal AI agent (Clawdbot → Moltbot → OpenClaw) triggered a cascade of failures: researchers verified thousands of internet-exposed instances (93% with authentication bypass), cleartext credential storage leaking API keys, a 1-click RCE (CVE-2026-25253, CVSS 8.8), and hundreds of malicious skills in its registry delivering a macOS infostealer. A companion agent social network leaked ~35,000 emails and 1.5 million agent tokens via a misconfigured backend.
Thousands of users' API keys, gateway tokens, and machine access were exposed or actively stolen through vulnerable deployments and a poisoned skill supply chain.
Agent platforms need secure-by-default deployment (auth required, encrypted secrets) and signed, vetted skill registries before granting agents broad system access.
Guardion enforces policy on every agent action inline — with visibility, tamper-evident evidence, and DLP for agents and MCPs.
Request a demo