
63,000 OpenClaw Agents Exposed: How to Detect Intrusions and Secure Your AI Agents


On April 3, 2026, widespread active exploitation of the OpenClaw agentic framework was reported, affecting tens of thousands of deployed instances. The situation has rapidly escalated across the cybersecurity community, with the top thread on the r/sysadmin subreddit (titled "If you're running OpenClaw, you probably got hacked") confirming the massive scale of the compromise.

The Target: Over 63,000 Active Autonomous Agents

OpenClaw is a highly popular open-source framework. Because it is incredibly easy to set up, thousands of non-technical users have deployed autonomous AI agents to handle their emails, code, and communications. The widely cited "135,000 exposed instances" figure originated from a SecurityScorecard scan in February 2026, which captured the peak of public internet exposure. While some instances have been taken offline since then, recent threat intelligence from Censys in late March 2026 confirmed 63,070 live instances remain actively vulnerable today. This creates a distributed attack surface of unprecedented scale.

How Are Users Being Exploited?

The core issue lies in a technical bug (CVE-2026-33579) within the OpenClaw /pair approve command. In simple terms: when an attacker connects to your OpenClaw instance over the internet, they can ask the system for "admin" rights. Due to a bug in the code, the system accidentally grants those rights automatically.

The impact is magnified significantly by how people set OpenClaw up:

  • Authentication Bypass by Default: A 2026 security researcher scan confirmed that 63% of exposed OpenClaw instances are running without a password or any authentication layer.
  • Cloud Servers (VPS): Many users followed tutorials that told them to rent a Virtual Private Server (VPS) like DigitalOcean, AWS, or Oracle Cloud, and install OpenClaw there. If you did this without setting up a firewall or a VPN, your instance is exposed to the entire internet.
  • One-Click Hosting Services: Many users avoided the terminal entirely and used "one-click" managed deployment services like xCloud, OneClaw Hosting, or Hostinger VPS templates. These platforms spin up OpenClaw instances that are publicly accessible by default, turning them into instant, high-value targets for attackers.

Post-Exploitation: What Are Attackers Doing?

Achieving admin access grants the attacker root-level control over the agent. Threat actors are actively using this access to orchestrate secondary attacks:

  • Credential Harvesting: Attackers are stealing OpenAI, Anthropic, or other API keys stored in your configuration files, which can rack up massive bills on your credit card.
  • Malware Deployment: Instances are being infected with cryptominers (slowing your server to a crawl) and the SparkCat malware variant, establishing persistent backdoor access to your machine.
  • Account Takeovers: Because OpenClaw integrates directly with messaging platforms, attackers are pivoting to hijack your connected Telegram, WhatsApp, and Discord accounts to launch scams against your friends and contacts.

How to Detect If You've Been Compromised

If you suspect you've been hacked, here is how you can check (according to BleepingComputer):

  • Check Your Logs: Look at your OpenClaw terminal logs. If you see unexpected /pair approve latest commands executed by unknown devices, you have been compromised.
  • Review Configuration Files: Attackers often rewrite agent configurations (like your openclaw.json or AGENTS.md file) to add their own remote users or inject malicious AI prompts.
  • Monitor Server Usage: If your server's CPU is constantly at 100%, it is likely running a hidden cryptominer installed by the attackers.
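
The first two checks above can be scripted. This is an added example, not code from OpenClaw or from the sources cited in this post: the log line layout, the device names, and the idea of keeping a known-good hash baseline are assumptions, so adapt the pattern to what your own logs actually look like.

```python
import hashlib
import re
from pathlib import Path

# ASSUMPTION: this log layout is hypothetical. The post only says that
# "/pair approve latest" commands from unknown devices indicate compromise.
PAIR_RE = re.compile(
    r"^(?P<ts>\S+)\s+.*?device=(?P<device>\S+).*?(?P<cmd>/pair approve\b.*)$"
)

# Constructed sample log lines (not real OpenClaw output).
SAMPLE_LOG = """\
2026-04-02T21:14:03Z gateway device=laptop-7f3a cmd: /pair approve latest
2026-04-03T02:41:55Z gateway device=unknown-c91e cmd: /pair approve latest
2026-04-03T02:42:10Z gateway device=unknown-c91e cmd: /status
2026-04-03T09:00:12Z gateway device=phone-22b0 cmd: /pair list
"""

def suspicious_pairings(log_text, known_devices):
    """Return (timestamp, device, command) for approvals by unlisted devices."""
    hits = []
    for line in log_text.splitlines():
        m = PAIR_RE.match(line.strip())
        if m and m["device"] not in known_devices:
            hits.append((m["ts"], m["device"], m["cmd"].strip()))
    return hits

def config_drift(baseline, root="."):
    """Compare files under root to a known-good {filename: sha256} baseline."""
    drift = {}
    for name, expected in baseline.items():
        path = Path(root) / name
        if not path.exists():
            drift[name] = "missing"
        elif hashlib.sha256(path.read_bytes()).hexdigest() != expected:
            drift[name] = "modified"
    return drift

if __name__ == "__main__":
    known = {"laptop-7f3a", "phone-22b0"}  # devices you paired yourself
    for ts, dev, cmd in suspicious_pairings(SAMPLE_LOG, known):
        print(f"[!] {ts} unknown device {dev} ran: {cmd}")
```

The baseline passed to config_drift must come from a copy of openclaw.json and AGENTS.md that you trust, such as a backup taken before the instance was exposed; hashing the files on a server that may already be compromised proves nothing.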

Remediation: How to Stop It

The creator of OpenClaw posted an official response on Hacker News acknowledging the severity of the incident. They are currently working with security teams from Nvidia, ByteDance, Tencent, and OpenAI to fix the code. However, if you are operating an OpenClaw instance today, you must take immediate action:

  1. Assume Compromise: If you ran OpenClaw on a public cloud server (VPS) or a one-click hosting provider without a VPN or firewall, assume it has been hacked. Shut down the server immediately.
  2. Revoke and Rotate: Go to OpenAI, Anthropic, and any other services you connected to OpenClaw. Delete those API keys and generate new ones. Do the same for any social media or database passwords stored on that server.
  3. Use a VPN (Zero-Trust Networking): Never expose OpenClaw directly to the public internet. Use free tools like Tailscale or Cloudflare Tunnels so that only your personal devices can connect to your agent.
  4. Enforce Passwords: Ensure your OpenClaw gateway is configured to require strong authentication for all connections.
  5. Update OpenClaw: Keep an eye on the official OpenClaw GitHub for emergency patches. Update to version 2026.3.29 (or newer) before turning your agent back on.
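
Before turning the agent back on, steps 3 and 5 can be verified from the server itself. This is an added example, not part of OpenClaw: it reads the output of `ss -ltnH` and flags gateway listeners bound to every interface, and it compares a version string against 2026.3.29. The port number is a placeholder and the sample output is constructed.

```python
import ipaddress
import re

TAILNET = ipaddress.ip_network("100.64.0.0/10")  # CGNAT range Tailscale assigns from
MIN_FIXED = (2026, 3, 29)                        # version named in step 5
GATEWAY_PORT = 8080  # ASSUMPTION: placeholder, use your gateway's real port

# Constructed `ss -ltnH` output (State Recv-Q Send-Q Local Peer), not from a real host.
SAMPLE_SS = """\
LISTEN 0 511 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 [::]:8080 [::]:*
LISTEN 0 511 100.101.102.103:8080 0.0.0.0:*
"""

def classify_bind(host):
    """Map a listen address to 'public', 'tailnet', 'private' or 'loopback'."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and any %scope
    if host == "*":
        return "public"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or :: means every interface
        return "public"
    if ip.version == 4 and ip in TAILNET:
        return "tailnet"
    return "private" if ip.is_private else "public"

def exposed_listeners(ss_text, port=GATEWAY_PORT):
    """Return local addresses where the gateway port is publicly reachable."""
    findings = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, p = fields[3].rpartition(":")
        if p == str(port) and classify_bind(host) == "public":
            findings.append(fields[3])
    return findings

def is_patched(version):
    """True if a dotted numeric version is 2026.3.29 or newer."""
    return tuple(int(x) for x in re.findall(r"\d+", version)[:3]) >= MIN_FIXED

if __name__ == "__main__":
    print("publicly bound:", exposed_listeners(SAMPLE_SS))
    print("patched:", is_patched("2026.3.9"))
```

A clean result here only covers the local bind address; a cloud provider's firewall or security group rules still need to be checked separately.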

The Critical Need for Security for AI Agents

The mass exploitation of OpenClaw highlights a fundamental shift in the threat landscape. As autonomous agents are granted sweeping permissions to manage our digital lives and infrastructure, they become prime targets for attackers. The attack surface is no longer just the application logic, but the agent itself.

Secure Your AI Agents with FailSafe

FailSafe provides continuous, AI-driven vulnerability scanning and execution firewalls designed to detect and block malicious agent behaviors. By monitoring runtime execution patterns and enforcing strict policy boundaries, we intercept privilege escalation attempts and logic flaws before they result in a compromise.
