OpenClaw: The Largest Security Incident in Sovereign AI History

42,000 exposed instances. 1.5 million leaked API tokens. RCE via your browser. This isn't a vulnerability — it's a structural catastrophe. In early 2026, security researcher Maor Dayan published findings that should have shut down enterprise AI deployments globally. Instead, most organizations running OpenClaw — the popular open-source AI assistant platform with deep system integrations — had no idea their instances were exposed. Dayan called it "the largest security incident in sovereign AI history." He wasn't exaggerating. What OpenClaw Is OpenClaw is an open-source AI assistant platform that integrates directly with organizational systems: email, calendars, file systems, code repositories, databases, APIs. It's positioned as "sovereign AI" — self-hosted, on your infrastructure, under your control. The appeal is real. You're not sending your data to OpenAI. You're running your own AI stack. For privacy-conscious enterprises, this is the promise: AI without the surveillance tradeoffs.