
The OpenClaw Security Crisis: 135,000 Exposed AI Agents and the Runtime Governance Gap
On February 3, 2026, security researchers disclosed CVE-2026-25253 in OpenClaw — the fastest-growing open-source AI agent, then sitting at 346,000 GitHub stars. The vulnerability was severe: CVSS 8.8, one-click remote code execution via a WebSocket origin validation gap that let an attacker hijack any running OpenClaw instance, even those configured to listen only on localhost, simply by getting the user to visit a malicious webpage. Within four days, nine more CVEs dropped. By early April, researchers were tracking 138 vulnerabilities discovered over a 63-day window — roughly 2.2 new CVEs per day.

The exposure scale was massive. Comprehensive scanning across multiple security firms found over 135,000 OpenClaw instances running on publicly accessible IP addresses — Bitsight's early scan window (January 27–February 8) identified 30,000+ distinct instances, while SecurityScorecard's broader scan documented over 135,000 across 82 countries. 63% had gateway authentication disabled. 28% wer