Exposure of OpenClaw Control Panels

Tens of thousands of personal and business AI assistants are fully exposed to the public internet because of a serious security breach in the rapidly expanding "agentic AI" ecosystem. According to new research published today by the SecurityScorecard STRIKE Threat Intelligence Team, 15,200 instances of the widely used OpenClaw framework (formerly known as Moltbot) are susceptible to Remote Code Execution (RCE), which lets attackers take complete control of the host machines.
Through reconnaissance, the STRIKE team found 42,900 distinct IP addresses across 82 countries hosting exposed OpenClaw control panels. Rather than conventional web servers intended for public access, these are frequently personal workstations or cloud instances running AI agents that were unintentionally made public by unsafe default settings.
The root cause is OpenClaw's default configuration, which binds the service to 0.0.0.0:18789, listening on all network interfaces, instead of the conventional and safer 127.0.0.1 (localhost).

The remediation steps reported include:

Rotate Credentials: Immediately rotate all API keys and tokens stored in the agent, treating them as compromised.

Employ Secure Tunnels: Rather than opening ports to the internet directly, use zero-trust tunnels such as Tailscale or Cloudflare Tunnel for remote access.
STRIKE advises security teams to block port 18789 at the perimeter and to monitor for anomalous outbound command-and-control (C2) traffic originating from internal workstations. The community can follow remediation progress in real time on a live dashboard called "Declawed," which tracks the exposure and updates the count of vulnerable instances every 15 minutes.
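Perimeter blocking only helps hosts that sit behind that perimeter; a cloud instance or a laptop on a home network still needs a host-side check that the service is bound to loopback rather than to all interfaces. The following script is an added example written for this page (it is not from the SecurityScorecard report or from the OpenClaw project). It parses the output of `ss -ltn` (the iproute2 socket tool on Linux), classifies each listener on the default port by bind scope using the standard `ipaddress` module, and flags anything not bound to loopback. The two embedded `ss` samples are constructed, and `OPENCLAW_PORT` simply carries the port number named in the article.

```python
from __future__ import annotations

import ipaddress
import subprocess
from dataclasses import dataclass

# Default OpenClaw control-panel port named in the article.
OPENCLAW_PORT = 18789

# Constructed sample of `ss -ltn` output showing the unsafe default:
# the service listens on 0.0.0.0 and [::] (all interfaces), not on loopback.
SAMPLE_EXPOSED = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       4096    0.0.0.0:18789        0.0.0.0:*
LISTEN  0       4096    [::]:18789           [::]:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       128     *:22                 *:*
"""

# Constructed sample after the service has been rebound to 127.0.0.1.
SAMPLE_HARDENED = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       4096    127.0.0.1:18789      0.0.0.0:*
LISTEN  0       128     *:22                 *:*
"""


@dataclass(frozen=True)
class Listener:
    addr: str  # bind address exactly as ss prints it, e.g. "0.0.0.0" or "[::]"
    port: int


def parse_ss_listeners(output: str) -> list[Listener]:
    """Extract (address, port) pairs from `ss -ltn` output.

    Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port [Process].
    The header line and any row not in LISTEN state are skipped.
    """
    listeners: list[Listener] = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition on the last ':' keeps IPv6 literals such as "[::]" intact.
        addr, sep, port = fields[3].rpartition(":")
        if not sep or not port.isdigit():
            continue
        listeners.append(Listener(addr=addr, port=int(port)))
    return listeners


def bind_scope(addr: str) -> str:
    """Classify a bind address as 'loopback', 'all-interfaces', 'specific-interface' or 'unknown'."""
    # Drop an interface suffix such as "%lo" in "127.0.0.53%lo", then IPv6 brackets.
    host = addr.split("%", 1)[0].strip("[]")
    if host in ("*", ""):  # ss prints "*" for a wildcard bind
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"  # not an IP literal; treated as exposed by audit() to be safe
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "specific-interface"


def audit(output: str, port: int = OPENCLAW_PORT) -> list[dict]:
    """Report every listener on `port`; anything not bound to loopback is flagged exposed."""
    findings = []
    for lst in parse_ss_listeners(output):
        if lst.port != port:
            continue
        scope = bind_scope(lst.addr)
        findings.append({"addr": lst.addr, "scope": scope, "exposed": scope != "loopback"})
    return findings


def audit_live(port: int = OPENCLAW_PORT) -> list[dict]:
    """Run `ss -ltn` on this host and audit the real socket table (Linux with iproute2)."""
    out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    return audit(out, port)


if __name__ == "__main__":
    for label, sample in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(f"--- {label} sample ---")
        for f in audit(sample):
            status = "EXPOSED" if f["exposed"] else "ok"
            print(f"{status:8} port {OPENCLAW_PORT} bound to {f['addr']} ({f['scope']})")
```

Running the script as-is exercises the two constructed samples; `audit_live()` performs the same check against the host's actual socket table and is the function to call from a cron job or fleet-inventory script. A listener reported as `all-interfaces` on the control-panel port is the condition the research describes, and the fix is to rebind to 127.0.0.1 and reach the panel through a tunnel rather than to leave the port open and rely solely on the perimeter.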