
OpenClaw Has 42,000+ Exposed Instances and a CVSS 8.8 RCE. Here's What You Need to Know.
Let's start with the numbers, because the numbers are what matter here. 42,000+ OpenClaw instances are currently exposed on the public internet. Of those, 93% have a critical authentication bypass that allows unauthenticated access. One of the active CVEs has a CVSS score of 8.8. A single backend misconfiguration leaked 1.5 million API tokens and 35,000 user emails.

This isn't speculation. These are documented findings from security researchers, public CVE disclosures, and audits by Snyk and others. Security researcher Maor Dayan called it "the largest security incident in sovereign AI history." If you run OpenClaw — or if you're evaluating any self-hosted AI platform — this article is your threat briefing.

What Is OpenClaw?

OpenClaw is an open-source AI assistant platform designed for deep system integrations. It connects to your filesystem, browser, APIs, calendar, email, and more. That's its selling point — and its attack surface. The platform has grown explosively because "sovere
Continue reading on Dev.to DevOps

