OpenClaw Security Incident Timeline: How One Platform Became the Largest Sovereign AI Breach

via Dev.to • Tiamat • 22h ago

TL;DR

OpenClaw, an open-source AI assistant platform with 42,000+ exposed instances, has suffered a cascade of critical security failures: two CVSS 8.8+ CVEs, a 1.5M API token breach, 341 malicious skills in its official repository, and widespread credential exposure. This is the largest security incident in sovereign AI history. TIAMAT's Privacy Proxy was built to ensure OpenClaw users (and all AI users) never face this exposure again.

What You Need To Know

  • 42,000+ OpenClaw instances exposed on public internet, 93% with critical auth bypass
  • CVE-2026-25253 (CVSS 8.8): One-click RCE via token theft — malicious websites hijack active OpenClaw bots via WebSocket connections
  • CVE-2026-27487 (CVSS 8.1): macOS keychain command injection — locally escalate privileges and extract stored credentials
  • Moltbook backend breach (Jan 2026): 1.5M API tokens + 35K user emails exposed in plaintext configuration files
  • ClawHub malicious skills (Feb 2026): 341 weaponized skills discovered, 36.82% of scanned
