TL;DR: 42.9K internet-exposed OpenClaw control panels were found across 82 countries, with 15.2K instances flagged for remote code execution risk and 53.3K correlated with prior breaches, according to SecurityScorecard’s STRIKE team. The governance problem is now how to contain privileged automation before exposed agents become inherited compromise paths, showing agentic AI is often deployed with access and identity weaknesses rather than novel model flaws.
NHIMG editorial — based on content published by SecurityScorecard: STRIKE uncovers widespread OpenClaw exposure across the internet
By the numbers:
- 42.9K unique IP addresses hosting exposed OpenClaw control panels across 82 countries
- 15.2K exposed instances appear vulnerable to Remote Code Execution
- 53.3K exposed instances correlate with prior breach activity
Questions worth separating out
Q: What breaks when AI agents are given broad standing access?
A: Broad standing access breaks governance because the agent can move from one task to another without a fresh authorization check.
Q: Why do AI agents create new access risk for enterprises?
A: AI agents create access risk because they can operate with delegated authority while processing untrusted inputs.
Q: How do security teams know if an AI agent has too much access?
A: Look for agents that can reach multiple systems without task-specific limits, use persistent tokens, or touch high-value services such as email, chat, cloud consoles, and file stores.
Practitioner guidance
- Inventory every exposed agent control plane Build a complete list of internet-facing agent consoles, APIs, and plugin endpoints, then confirm which ones are bound to public interfaces, which use default settings, and which are reachable without strong authentication.
- Remove standing privilege from agent runtime identities Replace broad, persistent access with scoped service accounts, short-lived credentials, and explicit tool permissions for each agent.
- Treat leaked secrets as immediately actionable exposure Search source repositories, configuration files, and agent directories for tokens, passwords, SSH keys, OAuth secrets, and webhook credentials tied to agent deployments.
What's in the full report
SecurityScorecard's full research covers the operational detail this post intentionally leaves for the source:
- Live exposure breakdowns by country, ASN, vulnerability status, and control panel reachability.
- The dashboard view of vulnerable versions, CVE mapping, and breach correlation across OpenClaw instances.
- Public ecosystem signals such as GitHub leaks, credential exposure patterns, and tutorial-driven insecure deployments.
- The full analysis of how compromised agent access extends into messaging, browsers, and local credentials.
👉 Read SecurityScorecard's analysis of OpenClaw exposure and agent takeover risk →
OpenClaw exposure: are AI agents now privileged identities to govern?
Explore further
AI agents are becoming privileged identities before most organisations have a governance model for them. The article shows that exposed control panels, tokens, and integrations can grant an attacker the same authority the agent legitimately has. That is an identity problem as much as an AI problem, because the security boundary is defined by delegated access, not by model behaviour. Practitioners should govern agents as runtime identities with scoped privileges, lifecycle controls, and auditability.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who is accountable when a compromised AI agent misuses delegated access?
A: Accountability usually spans the business owner of the workflow, the team that issued or approved the credential, and the vendor if a third-party integration was involved. The critical governance question is not who logged in, but who allowed the delegation chain to exist and remain valid. That chain must be documented before incidents occur.
👉 Read our full editorial: OpenClaw exposure shows AI agents are becoming privileged attack surfaces