2026-01
AI Supply Chain
OpenClaw (open source)

Viral OpenClaw agent leaves tens of thousands of instances exposed

What happened

The viral open-source personal AI agent (Clawdbot → Moltbot → OpenClaw) triggered a cascade of failures: researchers verified thousands of internet-exposed instances (93% with authentication bypass), cleartext credential storage leaking API keys, a 1-click RCE (CVE-2026-25253, CVSS 8.8), and hundreds of malicious skills in its registry delivering a macOS infostealer. A companion agent social network leaked ~35,000 emails and 1.5 million agent tokens via a misconfigured backend.

Impact

Thousands of users' API keys, gateway tokens, and machine access were exposed or actively stolen through vulnerable deployments and a poisoned skill supply chain.

How this could have been prevented

Agent platforms need secure-by-default deployment (auth required, encrypted secrets) and signed, vetted skill registries before granting agents broad system access.

Sources

More ai supply chain incidents

Would runtime governance have caught this?

Guardion enforces policy on every agent action inline — with visibility, tamper-evident evidence, and DLP for agents and MCPs.

Request a demo