Hermes Agent Emerges Amid OpenClaw's Security Vulnerabilities
Severity: High (Score: 67.5)
Sources: M.Theblockbeats.Info, Chaincatcher
Summary
On February 25, 2026, Nous Research launched Hermes Agent v0.1.0, which rapidly evolved to v0.8.0 by April 8, 2026. Concurrently, OpenClaw, a leading open-source AI Agent project, gained 346,000 stars on GitHub but faced significant security challenges, including 138 disclosed vulnerabilities within 63 days. Notably, CVE-2026-25253, a critical zero-click remote code execution vulnerability with a CVSS score of 8.8, was identified, allowing attackers to gain control over user agents. Over 42,000 OpenClaw instances were exposed on the internet, with 63% lacking proper authentication. The rapid growth of Hermes Agent is seen as a response to the eroding trust in OpenClaw, which has been marred by security issues. Hermes differentiates itself by generating skills autonomously rather than relying on user-generated content, which has been associated with numerous malicious exploits. This context highlights a competitive landscape where security and trust are paramount.
Key Points
- Hermes Agent v0.1.0 launched on February 25, 2026, and quickly reached v0.8.0 by April 8.
- OpenClaw accumulated 138 security vulnerabilities, including a critical zero-click RCE (CVE-2026-25253).
- Over 42,000 OpenClaw instances were exposed online, with 63% lacking gateway authentication.
Key Entities
- Malware (attack_type)
- CVE-2026-25253 (cve)
- agentskills.io (domain)
- T1071 - Application Layer Protocol (mitre_attack)
- Shodan (tool)