OpenClaw Faces Security Failures Amid Rapid Growth and OpenAI Integration
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
OpenAI has integrated its ChatGPT subscriptions as the authentication layer for OpenClaw, an open-source AI agent framework with 3.2 million users. This move follows Anthropic's decision to block access to its Claude subscriptions on the same platform. OpenClaw, created by Peter Steinberger, has rapidly gained popularity but has also experienced significant security vulnerabilities. A critical remote code execution vulnerability (CVE-2026-25253) was disclosed on February 1, 2026, allowing attackers to exploit users' local servers through unvalidated WebSockets. An audit revealed 824 malicious entries in OpenClaw's skills marketplace, with over 30,000 instances exposed on the public internet without authentication. Additionally, a breach of Moltbook exposed 1.5 million API tokens and private conversations. Although vulnerabilities have been patched, many users still run outdated versions. OpenAI's decision to tie its brand to OpenClaw raises concerns about credential security in light of these incidents.
Key Points: • OpenAI's ChatGPT subscriptions now authenticate OpenClaw, impacting 3.2 million users. • CVE-2026-25253 allows remote code execution via unvalidated WebSockets, posing critical risks. • Over 30,000 OpenClaw instances are exposed online, and 824 malicious entries were found in its skills marketplace.