OpenClaw Faces Security Failures Amid Rapid Growth and OpenAI Integration

OpenClaw Faces Security Failures Amid Rapid Growth and OpenAI Integration

First seen 4 May 2026, 13:32 UTC ThenextwebOpentools.Ai 85% similarity 67.5

Article Content

Browse articles
ThreatCluster

OpenAI has integrated its ChatGPT subscriptions as the authentication layer for OpenClaw, an open-source AI agent framework with 3.2 million users. This move follows Anthropic's decision to block access to its Claude subscriptions on the same platform. OpenClaw, created by Peter Steinberger, has rapidly gained popularity but has also experienced significant security vulnerabilities. A critical remote code execution vulnerability (CVE-2026-25253) was disclosed on February 1, 2026, allowing attackers to exploit users' local servers through unvalidated WebSockets. An audit revealed 824 malicious entries in OpenClaw's skills marketplace, with over 30,000 instances exposed on the public internet without authentication. Additionally, a breach of Moltbook exposed 1.5 million API tokens and private conversations. Although vulnerabilities have been patched, many users still run outdated versions. OpenAI's decision to tie its brand to OpenClaw raises concerns about credential security in light of these incidents.

Key Points: • OpenAI's ChatGPT subscriptions now authenticate OpenClaw, impacting 3.2 million users. • CVE-2026-25253 allows remote code execution via unvalidated WebSockets, posing critical risks. • Over 30,000 OpenClaw instances are exposed online, and 824 malicious entries were found in its skills marketplace.

ThreatCluster AI

Timeline

2026-01-27
First public proof of concept for CVE-2026-25253 released
2026-02-01
CVE-2026-25253 published
2026-05-02
OpenAI integrates ChatGPT subscriptions with OpenClaw
Date unknown
Audit reveals 824 malicious entries in OpenClaw's skills marketplace
Date unknown
Moltbook breach exposes 1.5 million API tokens

Community

Browse all →