Hermes Agent Emerges Amid OpenClaw's Security Vulnerabilities

Hermes Agent Emerges Amid OpenClaw's Security Vulnerabilities

First seen 10 Apr 2026, 04:19 UTC M.Theblockbeats.InfoChaincatcher 94% similarity 67.5

Article Content

Browse articles
ThreatCluster

On February 25, 2026, Nous Research launched Hermes Agent v0.1.0, which rapidly evolved to v0.8.0 by April 8, 2026. Concurrently, OpenClaw, a leading open-source AI Agent project, gained 346,000 stars on GitHub but faced significant security challenges, including 138 disclosed vulnerabilities within 63 days. Notably, CVE-2026-25253, a critical zero-click remote code execution vulnerability with a CVSS score of 8.8, was identified, allowing attackers to gain control over user agents. Over 42,000 OpenClaw instances were exposed on the internet, with 63% lacking proper authentication. The rapid growth of Hermes Agent is seen as a response to the eroding trust in OpenClaw, which has been marred by security issues. Hermes differentiates itself by generating skills autonomously rather than relying on user-generated content, which has been associated with numerous malicious exploits. This context highlights a competitive landscape where security and trust are paramount.

Key Points: • Hermes Agent v0.1.0 launched on February 25, 2026, and quickly reached v0.8.0 by April 8. • OpenClaw accumulated 138 security vulnerabilities, including a critical zero-click RCE (CVE-2026-25253). • Over 42,000 OpenClaw instances were exposed online, with 63% lacking gateway authentication.

ThreatCluster AI

Timeline

2026-01-27
First public PoC for CVE-2026-25253 released
2026-02-01
CVE-2026-25253 published
2026-02-25
Hermes Agent v0.1.0 released
2026-04-08
Hermes Agent iterated to v0.8.0
Recent
OpenClaw's security vulnerabilities disclosed

Community

Browse all →