TL;DR: Tens of thousands of exposed OpenClaw instances were found, with 35.4% flagged vulnerable, and attackers can abuse those services for remote code execution, infrastructure misuse, botnets, and crypto mining when agent permissions are broad, according to SecurityScorecard’s STRIKE team. The real issue is not autonomy, but exposed access and weak guardrails that turn agentic tools into additional identities inside the environment.
NHIMG editorial — based on content published by SecurityScorecard: exposed OpenClaw agentic AI deployments and their abuse risk
By the numbers:
- STRIKE found tens of thousands of exposed OpenClaw instances, many of which are vulnerable to Remote Code Execution, with 35.4% of observed deployments flagged as vulnerable at time of writing.
Questions worth separating out
Q: What breaks when AI agents are given broad standing access?
A: Broad standing access breaks governance because the agent can move from one task to another without a fresh authorization check.
Q: Why do exposed agentic AI deployments create more risk than ordinary web services?
A: They create more risk because the service is not just serving traffic, it is acting across systems on behalf of users or workflows.
Q: How can security teams tell if an agentic deployment is overprivileged?
A: Look for broad permissions across cloud services, internal APIs, messaging tools, and file systems that are not required for the specific workflow.
Practitioner guidance
- Inventory every agentic deployment as an identity-bearing service Record where each OpenClaw-like deployment runs, what credentials it holds, which APIs it can reach, and which downstream systems it can modify.
- Constrain the runtime with segmented network paths Place agentic systems in isolated environments so a single exposed service cannot pivot freely into internal systems.
- Reduce inherited authority before exposure Strip standing access from the agent wherever possible, bind it to narrowly scoped service accounts, and remove any credentials not required for the immediate workflow.
What's in the full report
SecurityScorecard's full research covers the operational detail this post intentionally leaves for the source:
- Updated exposure trend data from the declawed dashboard, including the 15-minute refresh model
- Vulnerability category breakdowns across exposed OpenClaw instances and how the STRIKE team classified them
- Practical reduction steps for segmentation, access scope, and runtime isolation in agentic environments
- Video discussion and source research material for teams that need implementation context beyond the summary
👉 Read SecurityScorecard’s analysis of exposed OpenClaw agentic AI deployments →
OpenClaw agent exposures: what IAM teams need to do now?
Explore further
OpenClaw exposure is an NHI governance problem first and an AI problem second. The research shows that the immediate risk is not autonomy, but exposed services with authority to act across systems. That means agentic AI deployments should be governed as non-human identities with lifecycle, access scope, and blast-radius controls, not as ordinary applications. Practitioners should align these deployments to OWASP-NHI and Zero Trust assumptions rather than waiting for an AI-specific exception.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who is accountable when an AI agent accesses sensitive data it was not meant to use?
A: Accountability sits with the team that approved the agent, its connectors, and its policy boundaries, not with the runtime behaviour alone. Organisations need ownership for intent, permissions, monitoring, and validation so they can prove whether the agent stayed inside its approved purpose. Without that, audit and regulatory response become retrospective guesswork.
👉 Read our full editorial: OpenClaw exposures expose the identity gap in agentic AI security