General | International | CSO Online

OpenClaw AI Agent Orchestration Tool Poses Significant Enterprise Security Risks

Monday, February 16, 2026

What

OpenClaw, a widely adopted open-source tool for orchestrating personal AI agents, has been found to contain critical security vulnerabilities that allow attackers to bypass authentication, steal credentials, and execute remote code. This poses a significant threat to enterprises because the tool can access and exfiltrate sensitive data, leading to regulatory fines and reputational damage.

Where

Enterprises globally are affected, particularly those where employees use OpenClaw, especially within corporate chat platforms like Discord, Telegram, and WhatsApp, and where instances are exposed online.

When

Security researchers from OX Security, Gartner, and Noma Security have been warning about and discovering vulnerabilities in OpenClaw since at least late January.

Key Factors

  • OpenClaw's design allows it to perform actions equivalent to a user, but its external control and lack of a robust security model make it a high-risk tool for businesses.
  • Researchers have identified over 42,000 exposed instances, with 93% exhibiting critical authentication bypass vulnerabilities and documented attack paths for credential theft and remote code execution.
  • A newly discovered flaw allows attackers in shared chat channels to command OpenClaw agents to exfiltrate sensitive data like tokens, passwords, and API keys to an attacker-controlled server within seconds.

Takeaways

  • CISOs should prohibit the use of OpenClaw within their organizations until a mature security model and proven safeguards are established.
  • Organizations must audit their environments for existing OpenClaw deployments and immediately secure or remove any identified instances to prevent data breaches and compliance violations.