More than 135,000 OpenClaw instances exposed to internet in latest vibe-coded disaster

It's a day with a name ending in Y, so you know what that means: Another OpenClaw cybersecurity disaster.

This time around, SecurityScorecard's STRIKE threat intelligence team is sounding the alarm over the sheer volume of internet-exposed OpenClaw instances it discovered, which numbers more than 135,000 as of this writing. When combined with previously known vulnerabilities in the vibe-coded AI assistant platform and links to prior breaches, STRIKE warns that there's a systemic security failure in the open-source AI agent space. 

"Our findings reveal a massive access and identity problem created by poorly secured automation at scale," the STRIKE team wrote in a report released Monday. "Convenience-driven deployment, default settings, and weak access controls have turned powerful AI agents into high-value targets for attackers." 

For those unfamiliar with the saga of Clawdbot, er Moltbot, no, wait, OpenClaw (it keeps changing names), it's an open-source, vibe-coded ...