It’s a day with a name ending in Y, so you know what that means: Another OpenClaw cybersecurity disaster.

This time around, SecurityScorecard’s STRIKE threat intelligence team is sounding the alarm over the sheer volume of internet-exposed OpenClaw instances it discovered, which numbers more than 135,000 as of this writing. Combining that exposure with previously known vulnerabilities in the vibe-coded AI assistant platform and with links to prior breaches, STRIKE warns of a systemic security failure in the open-source AI agent space.

“Our findings reveal a massive access and identity problem created by poorly secured automation at scale,” the STRIKE team wrote in a report released Monday. “Convenience-driven deployment, default settings, and weak access controls have turned powerful AI agents into high-value targets for attackers.”

  • Would be great if the article starts with: “What even is open claw?”

    A picture of a cooked lobster is not helping

    • I didn’t know either and so others don’t have to look it up either:

      OpenClaw is a free and open-source autonomous artificial intelligence agent developed by Peter Steinberger. It is an autonomous agent that can execute tasks via large language models, using messaging platforms as its main user interface.

      • It went through a lot of rebranding as well. You might have heard of Clawdbot or Moltbot. All the same thing.

    • It’s a metaphor for the cooked humans that are spinning up super exploitable chatbots for it

    • Honestly not surprised. Organizations have patch and vulnerability management procedures, people just run shit until they’re prompted to update, and if they git cloned they’ll probably never be prompted.

      • Newly detected. They were probably already there, just not scanned.

        • Or not exposed to the internet. Maybe the owner pulled the repo previously, left their weekend project alone for a bit, then came back to it after all this media attention.

  • Precisely the thing everyone predicted happened? Who could have seen this coming?!
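The thread’s point about `git clone` installs never prompting for updates is a real operational gap: a checkout has no package manager behind it, so nothing tells the operator that upstream has moved on. The script below is an added example, not code from the article, from the commenters or from the OpenClaw project. It assumes only that each deployment directory is a git clone with an upstream-tracking branch and that `git` is on the PATH; it fetches, counts how many upstream commits are missing locally, and exits non-zero when any checkout is stale, so it can run from cron or a CI job as the missing "update available" nudge.

```shell
#!/bin/sh
# Added example (not from the article or the OpenClaw project): report how far
# git-cloned deployments have drifted behind their upstream branch.
# Assumption: each directory is a git clone whose checked-out branch tracks a
# remote branch (the default after `git clone`).

# behind_count <repo_dir>: print the number of upstream commits not yet in the
# local checkout (0 when current). Returns 1 if the directory is not a git
# repo with a tracking branch, or the fetch fails.
behind_count() {
    repo="$1"
    git -C "$repo" fetch --quiet || return 1
    upstream=$(git -C "$repo" rev-parse --abbrev-ref '@{upstream}' 2>/dev/null) || return 1
    git -C "$repo" rev-list --count "HEAD..$upstream"
}

# check_clones <dir>...: print one status line per directory; return 1 if any
# checkout is behind upstream (suitable as a cron/CI failure signal).
check_clones() {
    stale=0
    for repo in "$@"; do
        n=$(behind_count "$repo") || { echo "SKIP  $repo (no git upstream)"; continue; }
        if [ "$n" -gt 0 ]; then
            echo "STALE $repo is $n commit(s) behind upstream"
            stale=1
        else
            echo "OK    $repo"
        fi
    done
    return $stale
}

# Usage: ./check_clones.sh /opt/openclaw /home/alice/weekend-project
if [ "$#" -gt 0 ]; then
    check_clones "$@"
fi
```

Pair it with a notification of your choice (mail, chat webhook, ticket) on non-zero exit; the point is that a stale checkout becomes visible to someone, which is what the package-manager update prompt would otherwise have done.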